SharePoint 2013 Build Guide

Table of Contents
1 Introduction
1.1 Purpose
1.2 Audience
1.3 Build Overview Process
1.3.1 Pre-requisites
2 Build Process Checklist
3 Build Process
3.1 Procure and Configure Pre-requisites
3.1.1 Hardware
3.1.2 Software
3.1.3 Service Accounts
3.1.4 Networking
3.1.5 Active Directory
3.1.6 DNS
3.1.7 Storage
3.1.8 SSL Certificates
3.2 Provision Machines
3.3 Configure Machines
3.3.1 Change Network Settings
3.3.2 Verify Connectivity for Default Gateway
3.3.3 Configure Page Files
3.3.4 Configure Anti-Virus Exceptions
3.3.5 Disable Internet Explorer Security
3.3.6 Disable User Account Control
3.3.7 Add Service Accounts to Local Administrators Group
3.3.8 Verify/Add Users to Performance Monitor Users
3.3.9 Change Time Zone
3.3.10 Disable SSL 2.0 and 3.0 Support
3.3.11 Restrict SCHANNEL to FIPS Compliant Cipher Suites Only
3.3.12 Allow CredSSP Authentication
3.3.13 Modify WinRM Shell Property Settings
3.4 Network Details
3.5 Install SQL Server
3.5.1 Prepare SharePoint SQL Servers
3.5.2 Install SQL Server
3.5.3 Install SQL Server Latest Updates
3.6 Configure SQL Server
3.6.1 Configure SQL Server to Listen on Non-Default Port
3.6.2 Security and Trace Flags
3.6.3 Enable Lock Pages in Memory
3.6.4 Set Max Degree of Parallelism
3.6.5 Configure SQL Server Agent Job History
3.6.6 Configure Maximum Memory Settings
3.6.7 Configure SQL Client Aliases
3.6.8 Configure SQL DNS Aliases
3.6.9 Configure AlwaysOn Availability Groups
3.7 Install SharePoint Server
3.7.1 Verify SharePoint Service Account Access
3.7.2 Prepare SharePoint Servers
3.7.3 Configure Inbound Firewall Rules
3.7.4 Setup SSL Certificates using IIS
3.7.5 Install SharePoint Server 2013 Binaries
3.7.6 Install Language Packs
3.7.7 Install SharePoint Server 2013 Updates
3.7.8 Install Workflow Manager
3.7.9 Configure SharePoint Server Farm
3.7.10 Create the Farm on the Server to Host Central Admin
3.7.11 Bind SSL Certificate to Central Administration Site in IIS
3.7.12 Join SharePoint Servers to Farm
3.7.13 Enable Licensing
3.7.14 Registering Managed Accounts
3.7.15 SharePoint Server Start Services on Server by Tier
3.7.16 Provision Distributed Cache Server
3.7.17 De-Provision Distributed Cache Server on other servers
3.7.18 Change the Memory Allocation of the Distributed Cache Service
3.7.19 Create Service Applications in SharePoint Farm
3.8 Configure Service Applications in SharePoint Farm
3.8.1 Configure Access Services
3.8.2 Configure Subscription Settings and App Management Service
3.8.3 Configure Business Connectivity Services
3.8.4 Configure Excel Services
3.8.5 Configure Machine Translation Service
3.8.6 Configure Managed Metadata Service
3.8.7 Configure PerformancePoint Service
3.8.8 Configure Search Service Application
3.8.9 Configure Secure Store Service
3.8.10 Configure User Profile Services
3.8.11 Configure Visio Graphics Service
3.8.12 Configure Word Automation Services
3.8.13 Configure Work Management Service
3.8.14 Configure Usage and Health Data Collection Service






1 Introduction
1.1 Purpose
The purpose of this build guide is to assist the partner's deployment team in creating the test and
production environments. This build guide applies to on-premises deployments of
SharePoint 2013.
1.2 Audience
The build guide is intended to be used by the deployment team of the partner that is building the test
and production SharePoint environments. The team performing the build/configuration tasks detailed in
this guide should be experienced with the installation and operation of Windows, SQL Server, and
SharePoint Servers.
1.3 Build Overview Process
The build process involves creating the server machines required for the SharePoint environment and
configuring them according to the requirements of the customer.
1.3.1 Pre-requisites
Functional and non-functional requirements of the customer
Access to the internet




2 Build Process Checklist

The following table lists the checklist items of the build process. The sections that follow
describe each step in detail.
Number  Process Description                                             Status
1       Procure and configure pre-requisites as per bill of materials.
2       Configure Windows Operating System
3       Install SQL Server
4       Configure SQL Server
5       Install SharePoint Server
6       Configure SharePoint Server Farm
7       Validate the build (Installation and configuration).

[Figure: build process flow: Procure / Configure > Windows OS Configuration > Install SQL Server > SQL Server Configuration > Install SharePoint Server > SP Server Farm Configuration > Validate Build]


3 Build Process
3.1 Procure and Configure Pre-requisites
Based on the customer requirements, the following components need to be procured and configured
prior to building the server farm:
Hardware
Software
Networking
Active Directory
DNS
Storage
SSL Certificates

3.1.1 Hardware
The following hardware items are required for the SharePoint deployment. The list of items below
applies to SQL and SharePoint servers.
Virtual or physical host machine(s)
Processors
Hard disk(s)
Memory

Refer to the Capacity management and sizing overview for SharePoint Server 2013 on TechNet
http://technet.microsoft.com/en-us/library/ff758647.aspx.


3.1.2 Software
The following table lists the software components required for the server build.
Software                  Description
Windows Operating System  Windows Server 2012 or Windows Server 2008 R2 with Service Pack 1
                          Note: All applicable Windows updates, service packs, cumulative updates must
                          be included.
SQL Server                64 bit version of SQL Server 2012 with SP1
                          Note: All applicable service packs, cumulative updates must be included.
SharePoint Server         SharePoint Server 2013
                          Note: All applicable service packs, cumulative updates must be included. Any
                          language packs (and their updates) which are desired should also be included.
Workflow Manager          Workflow Manager 1.0

For all software requirements please refer to Hardware and software requirements for
SharePoint 2013 on TechNet
http://technet.microsoft.com/en-us/library/cc262485.aspx.

3.1.3 Service Accounts

Account Type              Account Name  Description
Setup Account                           Account used to set up the farm
Farm Account                            Account used as the farm admin
Service App Pool Account                Application Pool account for the service applications
Content App Pool Account                Application Pool account for the content web application
Search Crawl Account                    Used to crawl content
Unattended Account                      Account used for unattended access
Profile Import account                  Used to import profiles from Active Directory
SQL Service                             SQL Service account used during the SQL installation
Super Reader                            Used to query items in the object cache
Super User                              Used to query items in the object cache

For more information about service accounts, please refer to Plan for administrative and service
accounts in SharePoint 2013 on TechNet http://technet.microsoft.com/en-us/library/cc263445.aspx.

3.1.4 Networking
Load Balancer Requirements
Virtual IPs (VIP) must be assigned to the load balancer server pool for SharePoint Front-End web servers.



Virtual LAN Requirements
The following Virtual LANs (VLAN) must be created for the following traffic:
1 x User traffic
1 x Data traffic between SharePoint Front-End and Batch Processing servers
1 x Backup and Restore (BUR) traffic

3.1.5 Active Directory
The following items must be configured in the Active Directory domain:
Administrative and Service accounts for SQL Server and SharePoint Server Farm
Local policy change for the account used to run the SharePoint User Profile Synchronization Service, so that it has the log on locally permission
Domain change for the account used for the User Profile Synchronization connection, so that it has the Replicate Directory Changes permission

Refer to the TechNet article at http://technet.microsoft.com/en-us/library/hh296982.aspx for
detailed steps on granting Replicate Directory Changes permission.

3.1.6 DNS
The following DNS entries are required for the SharePoint environment:
Host entries for Host Name Site Collections
Wildcard Host entry for SharePoint Apps

More information can be found in the following TechNet article:
http://technet.microsoft.com/en-us/library/fp161237.aspx.

The following DNS entries should be created as a prerequisite to the farm build:
Hostname/FQDN IP Address/VIP









3.1.7 Storage
The storage has to be procured and made available for the SharePoint environment.
For all storage requirements please refer to Hardware and software requirements for SharePoint
2013 on TechNet http://technet.microsoft.com/en-us/library/cc262485.aspx.

3.1.8 SSL Certificates
The following certificates are required for the SharePoint environment and they must be made available
prior to configuring the server farm:
1 x Wildcard certificate for SSL to be used by SharePoint and Workflow Manager.
1 x Wildcard certificate for SharePoint Apps Domain.

3.2 Provision Machines
Below is the list of machines that need to be provisioned.
The following table can be used to list the machines to be created:
Machine Quantity Storage/VHDs
SQL Server
Front-End Web Server
Distributed Cache Server
Back-End Server
Search Server

3.3 Configure Machines
The following configurations must be performed for the machines identified in the Scope table of each
configuration section.
Microsoft recommends using static memory for the servers (machines). Dynamic memory is not
recommended because Search and Distributed Cache do not support it.

3.3.1 Change Network Settings
Purpose
The purpose of this section is to configure IP addresses for the network adapters of the machine.


Scope
Machine                       Configuration Required
SQL Server                    Yes
Front-End Web Server          Yes
Distributed Cache Server (1)  Yes
Back-End Server               Yes
Search Server (1)             Yes
(1) These servers may be required based on customer requirements

Steps
1. In Control Panel, go to Network and Sharing Center | Change adapter settings.
2. Right-click the Local Area Connection network adapter, and then click Properties.
3. Clear the Internet Protocol Version 6 (TCP/IPv6) check box.
4. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
5. In the Properties dialog box, select Use the following IP address, and then enter the appropriate
values for IP address, Subnet mask, Default gateway, and DNS servers.

3.3.2 Verify Connectivity for Default Gateway
Purpose
The purpose of this section is to verify the connectivity to default gateway on the machines.
Scope
Machine                       Configuration Required
SQL Server                    Yes
Front-End Web Server          Yes
Distributed Cache Server (1)  Yes
Back-End Server               Yes
Search Server (1)             Yes
(1) These servers may be required based on customer requirements

Steps
1. Open the command prompt, and ping the default gateway.
2. Verify that you get a reply. If you don't get a reply, check the network settings and confirm a VLAN
was assigned to the machine.
3. Ping each of the other servers and verify that all servers can communicate with each other.

3.3.3 Configure Page Files



Purpose
The purpose of this section is to configure the page file for the machines.

Scope
Machine                       Configuration Required
SQL Server                    Yes
Front-End Web Server          Yes
Distributed Cache Server (1)  Yes
Back-End Server               Yes
Search Server (1)             Yes
(1) These servers may be required based on customer requirements

Steps
1. In Control Panel, go to System | Advanced system settings.
2. In the System Properties dialog box, on the Advanced tab, under Performance, click Settings.
3. In the Performance Options dialog box, on the Advanced tab, under Virtual memory, click Change.
4. In the Virtual Memory dialog box, clear the Automatically manage paging file size for all drives
check box.
5. Under Paging file size for each drive, choose the drive, and click the Custom size option.
a. Initial size (MB): [refer to this KB article for proper page file size:
http://support.microsoft.com/kb/2860880]
b. Maximum size (MB): [refer to this KB article for proper page file size:
http://support.microsoft.com/kb/2860880]
6. Click OK in all open dialog boxes.
7. Restart the server to apply these changes.

3.3.4 Configure Anti-Virus Exceptions

Purpose
The purpose of this section is to configure anti-virus exceptions on the servers prior to installing SQL
Server and SharePoint Servers. These exceptions must also be revised after SQL Server and
SharePoint Servers are installed.

Scope
Machine                       Configuration Required
SQL Server                    Yes
Front-End Web Server          Yes
Distributed Cache Server (1)  Yes
Back-End Server               Yes
Search Server (1)             Yes
(1) These servers may be required based on customer requirements

Steps
Use the SharePoint anti-virus exceptions list available in the following kb article:
http://support.microsoft.com/kb/952167
References
For a full Microsoft Anti-Virus Exclusion List see the following article:
http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx

3.3.5 Disable Internet Explorer Security
Purpose
The purpose of this section is to disable Internet Explorer Enhanced Security Configuration (IE ESC).

Scope
Machine                       Configuration Required
SQL Server                    Yes
Front-End Web Server          Yes
Distributed Cache Server (1)  Yes
Back-End Server               Yes
Search Server (1)             Yes
(1) These servers may be required based on customer requirements

Steps

Windows Server 2008 R2
1. In Server Manager, under Security Information, click Configure IE ESC.
2. In the Internet Explorer Enhanced Security Configuration dialog box:
a. Under Administrators, select Off.
b. Under Users, select Off.
3. Click OK.

Windows Server 2012
1. From the start menu, open the Server Manager by clicking the Server Manager tile.
2. In the left panel click Local Server and click the link next to IE Enhanced Security Configuration.
3. In the IE Enhanced Security Configuration dialog box:
a. Under Administrators, select Off.
b. Under Users, select Off.

3.3.6 Disable User Account Control
Purpose
The purpose of this section is to disable User Account Control (UAC). This needs to be done for every
local user.
Scope

Machine                       Configuration Required
SQL Server                    Yes
Front-End Web Server          Yes
Distributed Cache Server (1)  Yes
Back-End Server               Yes
Search Server (1)             Yes
(1) These servers may be required based on customer requirements

Steps
1. In Control Panel, go to User Accounts, and then click Change User Account Control Settings.
2. In the User Account Control Settings dialog box, change to Never Notify.
3. Click OK.

3.3.7 Add Service Accounts to Local Administrators Group
Purpose
The purpose of this section is to add administrative and service accounts to the local Administrators group.



Scope
Machine                       Configuration Required
SQL Server                    No
Front-End Web Server          Yes
Distributed Cache Server (1)  Yes
Back-End Server               Yes
Search Server (1)             Yes
(1) These servers may be required based on customer requirements

Steps
1. Use appropriate, easily recognizable names for the SharePoint setup account and farm account.
2. Add the SharePoint setup account to the local Administrators group on the servers listed in the
Scope section above.
a. Open Computer Management.
b. In the console tree, click Groups.
Computer Management\System Tools\Local Users and Groups\Groups
c. Right-click the Administrators group to which you want to add a member, click Add to
Group, and then click Add.
d. In the Select Users, Computers, or Groups dialog box, do the following:
Under Enter the object names to select, type the name of the SharePoint setup account and
then click OK.
3. Add the SharePoint farm account to the local Administrators group only on the servers that will
run the User Profile Synchronization Service.
a. Open Computer Management.
b. In the console tree, click Groups.
Computer Management\System Tools\Local Users and Groups\Groups
c. Right-click the Administrators group to which you want to add a member, click Add to
Group, and then click Add.
d. In the Select Users, Computers, or Groups dialog box, do the following:
Under Enter the object names to select, type the name of the SharePoint farm account and
then click OK.

References
Refer to the TechNet article at http://technet.microsoft.com/en-us/library/hh296982.aspx for more
details on administrative and service accounts.
Refer to the TechNet article at http://technet.microsoft.com/en-us/library/cc772524.aspx for adding an
account to local group.



3.3.8 Verify/Add Users to Performance Monitor Users
Purpose
The purpose of this section is to verify/add accounts to the local Performance Monitor Users group.

Scope
Machine                       Configuration Required
SQL Server                    Yes
Front-End Web Server          Yes
Distributed Cache Server (1)  Yes
Back-End Server               Yes
Search Server (1)             Yes
(1) These servers may be required based on customer requirements

Steps
1. Use appropriate, easily recognizable names for the SharePoint farm account and WebApp Pool
account.
2. Add these accounts to the local Performance Monitor Users group.
a. Open Computer Management.
b. In the console tree, click Groups.
Computer Management\System Tools\Local Users and Groups\Groups
c. Right-click the Performance Monitor Users group to which you want to add a member, click Add to
Group, and then click Add.
d. In the Select Users, Computers, or Groups dialog box, do the following:
Under Enter the object names to select, type the name of the SharePoint farm account and then click
OK.

References
Refer to the TechNet article at http://technet.microsoft.com/en-us/library/cc772524.aspx for adding an
account to local group.

3.3.9 Change Time Zone
Purpose
The purpose of this section is to change the time zone of the servers.


Scope
Machine                       Configuration Required
SQL Server                    Yes
Front-End Web Server          Yes
Distributed Cache Server (1)  Yes
Back-End Server               Yes
Search Server (1)             Yes
(1) These servers may be required based on customer requirements


Steps
1. Log on to the server.
2. Right-click the date stamp in the bottom-right tray, and select Adjust date/time.
3. On the date/time tab, click the Change Time Zone list.
4. Select the time zone of the datacenter the server is located in.

3.3.10 Disable SSL 2.0 and 3.0 Support
Purpose
The purpose of this section is to disable SSL 2.0 and 3.0 support, as part of the server hardening. The SSL
3.0 entry may not be present in the registry if SSL 3.0 support was not configured.

Scope
Machine                       Configuration Required
SQL Server                    Yes
Front-End Web Server          Yes
Distributed Cache Server (1)  Yes
Back-End Server               Yes
Search Server (1)             Yes
(1) These servers may be required based on customer requirements

Steps
1. At the command prompt, run regedit.exe.
2. Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
3. Right-click Server, click New, and then click DWORD (32-bit) Value.
4. Name the new item Enabled.
5. Right-click Enabled, and then click Modify.
6. In the Edit DWORD Value dialog box, set the data value to 00000000.
7. Click OK.
8. Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
9. Right-click Server, click New, and then click DWORD (32-bit) Value.
10. Name the new item Enabled.
11. Right-click Enabled, and then click Modify.
12. In the Edit DWORD Value dialog box, set the data value to 00000000.
13. Click OK.
14. Restart the server.
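
The same registry changes can be scripted and then read back on every server in scope. The following PowerShell is an added example, not part of the original guide; it creates the Server keys when they are absent (the SSL 3.0 entry may not exist), sets Enabled to 0, and reports the resulting state. The function names are hypothetical.

```powershell
# Added example (not from the original guide). Run in an elevated PowerShell
# session. The restart in step 14 is still required afterwards.
$SchannelProtocols  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$ProtocolsToDisable = 'SSL 2.0', 'SSL 3.0'

function Get-SchannelServerKey {
    param([Parameter(Mandatory)][string]$Protocol)
    # ...\Protocols\<protocol>\Server, the key the guide navigates to.
    Join-Path (Join-Path $SchannelProtocols $Protocol) 'Server'
}

function Disable-SchannelServerProtocol {
    param([Parameter(Mandatory)][string]$Protocol)

    $serverKey = Get-SchannelServerKey -Protocol $Protocol
    if (-not (Test-Path -LiteralPath $serverKey)) {
        # The key may be missing on a fresh install. -Force also creates the
        # parent "<protocol>" key. It is only used when the key does not
        # exist, so values already present are never wiped.
        New-Item -Path $serverKey -Force | Out-Null
    }
    # Same value the guide sets by hand: DWORD "Enabled" = 0.
    New-ItemProperty -LiteralPath $serverKey -Name 'Enabled' `
        -PropertyType DWord -Value 0 -Force | Out-Null
}

function Get-SchannelServerProtocolState {
    param([Parameter(Mandatory)][string]$Protocol)

    $serverKey = Get-SchannelServerKey -Protocol $Protocol
    $state = 'NotConfigured'   # no Enabled value: the OS default applies
    if (Test-Path -LiteralPath $serverKey) {
        $prop = Get-ItemProperty -LiteralPath $serverKey -Name 'Enabled' `
            -ErrorAction SilentlyContinue
        if ($null -ne $prop) {
            $state = if ($prop.Enabled -eq 0) { 'Disabled' } else { 'Enabled' }
        }
    }
    [pscustomobject]@{ Protocol = $Protocol; State = $state; Key = $serverKey }
}

# Apply the setting, then read it back so the result can be recorded
# in the build checklist.
foreach ($protocol in $ProtocolsToDisable) {
    Disable-SchannelServerProtocol -Protocol $protocol
}
$ProtocolsToDisable |
    ForEach-Object { Get-SchannelServerProtocolState -Protocol $_ } |
    Format-Table -AutoSize
```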

3.3.11 Restrict SCHANNEL to FIPS Compliant Cipher Suites Only
Purpose
The purpose of this section is to disable certain ciphers for secure channel.
This setting removes the support for the following ciphers which are not FIPS compliant:
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
SSL_CK_RC4_128_WITH_MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5
TLS_RSA_WITH_NULL_SHA
TLS_RSA_WITH_NULL_SHA256

The following ciphers must be added:
TLS_RSA_WITH_NULL_MD5
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521

Scope
Machine                       Configuration Required
SQL Server                    Yes
Front-End Web Server          Yes
Distributed Cache Server (1)  Yes
Back-End Server               Yes
Search Server (1)             Yes
(1) These servers may be required based on customer requirements

Steps
1. In the MMC snap-in, navigate to Local Computer Policy | Computer Configuration | Administrative
Templates | Network | SSL Configuration Settings.
2. Right-click SSL Cipher Suite Order, and then click Edit.
3. In the SSL Cipher Suite Order dialog box, select Enabled.
4. Under Options, in the SSL Cipher Suites text box, delete everything, and then copy and paste from
the following text.
TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_MD5
5. Click OK.
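
Before the policy is rolled out, the cipher suite string can be checked against the list of suites this section says are not FIPS compliant, and for NULL, RC4 and MD5 suites. The following PowerShell is an added example, not part of the original guide; the function names are hypothetical, and the registry location read at the end is where the SSL Cipher Suite Order policy is stored once applied.

```powershell
# Added example (not from the original guide). Function names are hypothetical.

# Suites the Purpose section of 3.3.11 lists as not FIPS compliant.
$NotFipsPerGuide = @(
    'TLS_RSA_WITH_RC4_128_SHA'
    'TLS_RSA_WITH_RC4_128_MD5'
    'SSL_CK_RC4_128_WITH_MD5'
    'SSL_CK_DES_192_EDE3_CBC_WITH_MD5'
    'TLS_RSA_WITH_NULL_SHA'
    'TLS_RSA_WITH_NULL_SHA256'
)

# The value pasted into "SSL Cipher Suite Order" in step 4, one suite per line.
$GuideSuiteOrder = @(
    'TLS_RSA_WITH_AES_128_CBC_SHA'
    'TLS_RSA_WITH_AES_256_CBC_SHA'
    'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
    'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256'
    'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384'
    'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521'
    'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256'
    'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384'
    'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521'
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256'
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384'
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521'
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256'
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384'
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521'
    'TLS_DHE_DSS_WITH_AES_128_CBC_SHA'
    'TLS_DHE_DSS_WITH_AES_256_CBC_SHA'
    'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA'
    'SSL_CK_DES_192_EDE3_CBC_WITH_MD5'
    'TLS_RSA_WITH_NULL_MD5'
) -join ','

function Test-CipherSuiteOrder {
    # Returns one object per suite that needs review; nothing if all pass.
    param([Parameter(Mandatory)][string]$SuiteOrder)

    $suites = $SuiteOrder -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($suite in $suites) {
        $reasons = @()
        if ($NotFipsPerGuide -contains $suite) { $reasons += 'listed in 3.3.11 as not FIPS compliant' }
        if ($suite -match '_NULL_')            { $reasons += 'NULL cipher (no encryption)' }
        if ($suite -match 'RC4')               { $reasons += 'RC4' }
        if ($suite -match '_MD5$')             { $reasons += 'MD5 MAC' }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Suite = $suite; Reasons = $reasons -join '; ' }
        }
    }
}

function Get-ConfiguredCipherSuiteOrder {
    # Location written by the "SSL Cipher Suite Order" policy setting.
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
    $prop = Get-ItemProperty -LiteralPath $key -Name 'Functions' -ErrorAction SilentlyContinue
    if ($null -ne $prop) {
        # -join covers both a single string and a multi-string value.
        $prop.Functions -join ','
    }
}

# Check the string from step 4, then the policy applied on this server.
Test-CipherSuiteOrder -SuiteOrder $GuideSuiteOrder | Format-Table -AutoSize -Wrap

$live = Get-ConfiguredCipherSuiteOrder
if ($live) {
    Test-CipherSuiteOrder -SuiteOrder $live | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'SSL Cipher Suite Order policy is not configured on this machine.'
}
```

Run against the string from step 4, the check reports two entries: SSL_CK_DES_192_EDE3_CBC_WITH_MD5, which the Purpose section lists as not FIPS compliant, and TLS_RSA_WITH_NULL_MD5, a NULL suite that provides no encryption.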

3.3.12 Allow CredSSP Authentication
Purpose
The purpose of this section is to enable CredSSP in order to support automation efforts.

Scope
Machine                       Configuration Required
SQL Server                    Yes
Front-End Web Server          Yes
Distributed Cache Server (1)  Yes
Back-End Server               Yes
Search Server (1)             Yes
(1) These servers may be required based on customer requirements



Steps
1. In the MMC snap-in, navigate to Local Computer Policy | Computer Configuration | Administrative
Templates | System | Credentials Delegation.
2. Right-click Allow Delegating Fresh Credentials, and then click Edit.
3. In the Allow Delegating Fresh Credentials dialog box, select Enabled, and then, under Options, click
Show.
4. In the Show Contents dialog box, under Add servers to the list, add the value WSMAN/*.
5. Click OK in all open dialog boxes.
6. In the MMC snap-in, navigate to Local Computer Policy | Computer Configuration | Administrative
Templates | Windows Components | Windows Remote Management | WinRM Client.
7. Right-click Allow CredSSP authentication, and then click Edit.
8. In the Allow CredSSP authentication dialog box, select Enabled.
9. Click OK.
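
Once the policy has been applied, the two settings from this procedure can be read back to record which targets fresh credentials may be delegated to. The following PowerShell is an added example, not part of the original guide; the function name is hypothetical, and the registry locations are those the two Group Policy settings write to.

```powershell
# Added example (not from the original guide). Function name is hypothetical.
function Get-CredSspClientPolicy {
    $delegation = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
    $listKey    = Join-Path $delegation 'AllowFreshCredentials'
    $winrm      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client'

    # Steps 6-9: "Allow CredSSP authentication" for the WinRM client.
    $allow = Get-ItemProperty -LiteralPath $winrm -Name 'AllowCredSSP' `
        -ErrorAction SilentlyContinue
    $clientEnabled = ($null -ne $allow) -and ($allow.AllowCredSSP -eq 1)

    # Steps 1-5: every entry of the "Allow Delegating Fresh Credentials"
    # list is stored as a numbered string value under this key.
    $targets = @()
    if (Test-Path -LiteralPath $listKey) {
        $key = Get-Item -LiteralPath $listKey
        $targets = @($key.GetValueNames() | ForEach-Object { [string]$key.GetValue($_) })
    }

    if ($targets.Count -eq 0) {
        return [pscustomobject]@{
            WinRMClientCredSSP = $clientEnabled
            DelegationTarget   = '(none configured)'
            Scope              = 'n/a'
        }
    }

    foreach ($spn in $targets) {
        # An entry has the form <service>/<host>, for example WSMAN/*.
        $hostPart = ($spn -split '/', 2)[-1]
        $scope =
            if ($hostPart -eq '*')           { 'any host' }
            elseif ($hostPart.Contains('*')) { 'wildcard pattern' }
            else                             { 'single host' }

        [pscustomobject]@{
            WinRMClientCredSSP = $clientEnabled
            DelegationTarget   = $spn
            Scope              = $scope
        }
    }
}

Get-CredSspClientPolicy | Format-Table -AutoSize
```

With the value from step 4, WSMAN/*, the Scope column reads "any host".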

References
Refer to the TechNet article at http://technet.microsoft.com/en-us/library/hh849872.aspx for enabling
CredSSP authentication.

3.3.13 Modify WinRM Shell Property Settings
Purpose
The purpose of this section is to modify the default WinRM Shell property settings to improve
performance.

Scope
Machine                       Configuration Required
SQL Server                    Yes
Front-End Web Server          Yes
Distributed Cache Server (1)  Yes
Back-End Server               Yes
Search Server (1)             Yes
(1) These servers may be required based on customer requirements

Steps
1. In the MMC snap-in, navigate to Local Computer Policy | Computer Configuration | Administrative
Templates | Windows Components | Windows Remote Shell.
2. Right-click Specify maximum amount of memory in MB per Shell, and then click Edit.
3. In the Specify maximum amount of memory in MB per Shell dialog box, select Enabled.
4. Under Options, in the MaxMemoryPerShellMB text box, enter 1024.
5. Click OK.
6. In the MMC snap-in, navigate to Local Computer Policy | Computer Configuration | Administrative
Templates | Windows Components | Windows Remote Shell.
7. Right-click Specify maximum number of processes per Shell, and then click Edit.
8. In the Specify maximum number of processes per Shell dialog box, select Enabled.
9. Under Options, in the MaxProcessesPerShell text box, enter 64.
10. Click OK.
11. In the MMC snap-in, navigate to Local Computer Policy | Computer Configuration | Administrative
Templates | Windows Components | Windows Remote Shell.
12. Right-click Specify maximum number of remote shells per user, and then click Edit.
13. In the Specify maximum number of remote shells per user dialog box, select Enabled.
14. Under Options, in the MaxShellsPerUser text box, enter 16.
15. Click OK.

References
More information can be found in this MSDN article:
http://msdn.microsoft.com/en-us/library/windows/desktop/ee309367(v=vs.85).aspx.

3.4 Network Details
The SharePoint server farm network will be configured with three VLANs.
The following table can be used to record the VLAN details with IP addresses of all the servers.
Server Name IP Address VLAN Type Description









3.5 Install SQL Server
3.5.1 Prepare SharePoint SQL Servers
Purpose
The purpose of this section is to prepare the SQL Server machines for installing SQL Server software.

Scope
Machine Configuration Required
SQL Server Yes
Front-End Web Server No
Distributed Cache Server (1) No
Back-End Server No
Search Server (1) No
(1) These servers may be required based on customer requirements

Steps
Create Inbound Firewall Rules
1. In the Windows Firewall with Advanced Security tool, click Inbound Rules.
2. In the Actions pane, click New Rule:
3. In the New Inbound Rule Wizard, use the following settings:
Rule Type: Port
Protocol: TCP
Specific local Port: <<Non-Default Port Number>>
Action: Allow the Connection
Profile: Domain
Name: SQL Server << Non-Default Port Number>>
4. Click Finish.

3.5.2 Install SQL Server
Purpose
The purpose of this section is to install SQL Server on to the SQL Server machines.
If not called out below in Steps, use default values for the SQL installation.

Scope
Machine Configuration Required
SQL Server Yes
Front-End Web Server No
Distributed Cache Server (1) No
Back-End Server No
Search Server (1) No
(1) These servers may be required based on customer requirements

Steps
1. Browse to the SQL installation path and double click setup.exe.
2. Navigate to Installation section and select New Installation or add features to an existing
installation.
3. Use your product key.
4. On License Terms select I accept the license terms and clear Send features usage checkboxes.
5. Complete Setup Support Files step.
6. On Setup Role choose SQL Server Feature Installation.
7. On Feature Selection select the following components:
Database Engine Services
SQL Server Replication
Client Tools Connectivity
Client Tools Backwards Compatibility
Full-Text and Semantic Extractions for Search (Required for Access Services)
Management Tools - Basic
Management Tools - Complete
8. On the Server Configuration page set SQL Server Agent startup type to Automatic then press Use
the same account for all SQL services and type in << SQL Server service account defined in
Functional Specification section 3.5.1>> and its password.
9. On the Server Configuration page set the SQL Server Agent startup States as follows:
Service State
SQL Server Agent Automatic
SQL Server Database Engine Automatic
SQL Server Browser Disabled

10. On the Database Engine Configuration page on Server Configuration tab select Windows
authentication mode.
11. On the Database Engine Configuration page on Server Configuration tab add the SQL Server
Administration account.


12. On the Database Engine Configuration page navigate to Data Directories tab and set/confirm the
following settings:
Drive Letter Directory Name Value
Data root directory: <DriveLetter>:\Program Files\Microsoft SQL Server\
User database directory: <DriveLetter>:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA
User Database log directory: <DriveLetter>:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA
Temp DB directory: <DriveLetter>:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Data
Temp DB log directory: <DriveLetter>:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Data

13. On Error Reporting page clear Send Windows and SQL Server Error Reports.
14. Complete installation with default settings on the rest of the pages.

3.5.3 Install SQL Server Latest Updates
Install the latest service pack for SQL Server.

3.6 Configure SQL Server
3.6.1 Configure SQL Server to Listen on Non-Default Port
Purpose
The purpose of this section is to configure the SQL server to listen on a non-default port.
SQL Server provides the ability to reassign the ports that are used by the default instance and any named
instances. In SQL Server 2008 R2 and SQL Server 2012, you reassign the TCP port by using SQL Server
Configuration Manager. When you change the default ports, you make the environment more secure
against attackers who know the default port assignments and use them to target your SharePoint environment.

Scope




Machine Configuration Required
SQL Server Yes
Front-End Web Server No
Distributed Cache Server (1) No
Back-End Server No
Search Server (1) No
(1) These servers may be required based on customer requirements




Steps
To configure a SQL Server instance to listen on a non-default port
1. Verify that the user account that is performing this procedure is a member of either the sysadmin or
the serveradmin fixed server role.
2. On the computer that is running SQL Server, open SQL Server Configuration Manager.
3. In the navigation pane, expand SQL Server Network Configuration.
4. Click the corresponding entry for the instance that you are configuring.
5. The default instance is listed as Protocols for MSSQLSERVER. Named instances will appear as
Protocols for named_instance.
6. In the main window in the Protocol Name column, right-click TCP/IP, and then click Properties.
7. Click the IP Addresses tab.
8. For every IP address that is assigned to the computer that is running SQL Server, there is a
corresponding entry on this tab. By default, SQL Server listens on all IP addresses that are assigned to
the computer.
9. To globally change the port that the default instance is listening on, follow these steps:
10. For each IP address except IPAll, clear all values for both TCP dynamic ports and TCP Port.
11. For IPAll, clear the value for TCP dynamic ports. In the TCP Port field, enter the port that you want
the instance of SQL Server to listen on. For example, enter 40000.
12. To globally change the port that a named instance is listening on, follow these steps:
13. For each IP address including IPAll, clear all values for TCP dynamic ports. A value of 0 for this field
indicates that SQL Server uses a dynamic TCP port for the IP address. A blank entry for this value
means that SQL Server will not use a dynamic TCP port for the IP address.
14. For each IP address except IPAll, clear all values for TCP Port.
15. For IPAll, clear the value for TCP dynamic ports. In the TCP Port field, enter the port that you want
the instance of SQL Server to listen on. For example, enter 40000.
16. Click OK.
A message indicates that the change will not take effect until the SQL Server service is restarted.
Click OK.
17. Close SQL Server Configuration Manager.
18. Restart the SQL Server service and confirm that the computer that is running SQL Server is listening
on the port that you selected.
19. You can confirm this by looking in the Event Viewer log after you restart the SQL Server service. Look
for an information event similar to the following event:
Event Type:Information
Event Source:MSSQL$MSSQLSERVER


Event Category:(2)
Event ID:26022
Date:3/6/2008
Time:1:46:11 PM
User:N/A
Computer:computer_name
Description:
Server is listening on [ 'any' <ipv4>50000]

3.6.2 Security and Trace Flags
Purpose
The purpose of this configuration is to add two trace flag values 1222 (Return resources and types of
locks participating in a deadlock) and 3226 (Suppress log backup entries in the SQL error log) to assist the
operations team.

Scope
Machine Configuration Required
SQL Server Yes
Front-End Web Server No
Distributed Cache Server (1) No
Back-End Server No
Search Server (1) No
(1) These servers may be required based on customer requirements

Steps

In SQL Server Configuration Manager, click SQL Server Network Configuration, right-click Protocols for
MSSQLSERVER (instance name may differ depending on name used during setup), and then click
Properties.
1. In the Protocols for MSSQLSERVER Properties dialog box, click Hide Instance and then set the
property to Yes.
2. Click OK.
3. Double-click on Protocols for MSSQLSERVER.
4. Right-click Named Pipes and select Enable.


5. In the tree view on the left, click on SQL Server Services. In the right pane, double-click SQL Server
(MSSQLSERVER)
6. In the SQL Server Properties (MSSQLSERVER) dialog box, on the Advanced tab, click Startup
Parameters.
7. Under Existing Parameters, scroll to the right to identify the line ending with mastlog.ldf and click
that line to select it.
8. In the text box Specify a startup parameter, add ;-T3226;-T1222 to the end of the parameters text.
For example, a modified Startup Parameters list might appear as follows:
-d<drive letter>:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA\master.mdf;
-e<drive letter>:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\LOG\ERRORLOG;
-l<drive letter>:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA\mastlog.ldf;-T3226;-T1222
9. Click OK.
10. Right-click SQL Server (MSSQLSERVER), and then click Restart.
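
The settings from sections 3.5.1, 3.5.2, 3.6.1 and 3.6.2 can be checked in one pass after the restart. The PowerShell audit below is an added example, not part of the original build guide; the function names, the MSSQLSERVER instance name and port 40000 (the guide's example value) are assumptions, and it expects Windows Server 2012 or later for the firewall and TCP cmdlets.

```powershell
# Added example, not part of the build guide. Run elevated on the SQL Server machine.
# Assumptions: default instance MSSQLSERVER and port 40000 (the guide's example port).

function New-Check {
    param([string]$Name, $Expected, $Actual)
    [pscustomobject]@{
        Check    = $Name
        Expected = "$Expected"
        Actual   = "$Actual"
        Pass     = ("$Actual" -eq "$Expected")
    }
}

function Test-SqlNetworkHardening {
    param(
        [string]$InstanceName = 'MSSQLSERVER',
        [int]$ExpectedPort = 40000
    )

    # Resolve the instance ID (for example MSSQL11.MSSQLSERVER) from the instance name.
    $root = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
    $instanceId = (Get-ItemProperty -Path "$root\Instance Names\SQL").$InstanceName
    if (-not $instanceId) { throw "SQL Server instance '$InstanceName' was not found." }
    $netLib = "$root\$instanceId\MSSQLServer\SuperSocketNetLib"

    # 3.6.1: static non-default port on IPAll, TCP dynamic ports left blank.
    $ipAll = Get-ItemProperty -Path "$netLib\Tcp\IPAll"
    New-Check 'IPAll TCP Port' $ExpectedPort $ipAll.TcpPort
    New-Check 'IPAll TCP dynamic ports (blank)' '' $ipAll.TcpDynamicPorts
    New-Check 'Port differs from default 1433' $true ($ExpectedPort -ne 1433)

    # 3.6.1 step 18: the service really listens on the new port and not on 1433.
    $onNew = @(Get-NetTCPConnection -State Listen -LocalPort $ExpectedPort -ErrorAction SilentlyContinue)
    New-Check "Listener on TCP $ExpectedPort" $true ($onNew.Count -gt 0)
    $onOld = @(Get-NetTCPConnection -State Listen -LocalPort 1433 -ErrorAction SilentlyContinue)
    New-Check 'No listener on TCP 1433' $true ($onOld.Count -eq 0)

    # 3.6.2: Hide Instance = Yes is stored as HideInstance = 1.
    New-Check 'Hide Instance' 1 (Get-ItemProperty -Path $netLib).HideInstance

    # 3.6.2: trace flags are stored as SQLArg<n> values under the Parameters key.
    $params = Get-ItemProperty -Path "$root\$instanceId\MSSQLServer\Parameters"
    $startupArgs = $params.PSObject.Properties |
        Where-Object { $_.Name -like 'SQLArg*' } |
        ForEach-Object { $_.Value }
    foreach ($flag in '-T1222', '-T3226') {
        New-Check "Startup parameter $flag" $true ($startupArgs -contains $flag)
    }

    # 3.5.2 step 9: SQL Server Browser disabled (a missing service reports as a failure).
    $browser = Get-CimInstance -ClassName Win32_Service -Filter "Name='SQLBrowser'"
    New-Check 'SQL Server Browser start mode' 'Disabled' $browser.StartMode

    # 3.5.1: an enabled inbound allow rule for exactly this port, Domain profile only.
    # Only locally defined rules that name the single port are matched.
    $rules = @(Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains "$ExpectedPort" } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' })
    New-Check "Inbound allow rule for TCP $ExpectedPort" $true ($rules.Count -gt 0)
    $nonDomain = @($rules | Where-Object { $_.Profile -ne 'Domain' })
    New-Check 'Rule(s) limited to the Domain profile' $true ($nonDomain.Count -eq 0)
}

Test-SqlNetworkHardening | Format-Table -AutoSize
```

Any row with Pass = False points at the step that still needs attention; rerun the function after correcting it and restarting the SQL Server service.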

3.6.3 Enable Lock Pages in Memory
Purpose
The purpose of the configuration is to enable locking pages in memory. Locking pages may boost
performance when paging memory to disk is expected.

Scope
Machine Configuration Required
SQL Server Yes
Front-End Web Server No
Distributed Cache Server (1) No
Back-End Server No
Search Server (1) No
(1) These servers may be required based on customer requirements

Steps
1. Navigate to Start | Control Panel | Administrative Tools | Local Security Policy.
2. Expand Local Policies
3. Select User Rights Assignment | double-click lock pages in memory policy | add user to group
4. Enter the SQL Service Account (defined in the functional specification document) in the form
domain\user



References
Refer to the MSDN content at http://msdn.microsoft.com/en-us/library/ms190730(v=sql.105).aspx for
detailed information.

3.6.4 Set Max Degree of Parallelism
Purpose
The purpose of this section is to set the max degree of parallelism option to 1 by executing the following
script on SQL Server instances that host SharePoint Server 2013 databases.
Setting the max degree of parallelism option to 1 may boost performance and this setting suppresses
parallel plan generation.

Scope
Machine Configuration Required
SQL Server Yes
Front-End Web Server No
Distributed Cache Server (1) No
Back-End Server No
Search Server (1) No
(1) These servers may be required based on customer requirements

Steps
1. In Object Explorer, right-click a server and select Properties.
2. Click the Advanced node.
3. In the Max Degree of Parallelism box, select the maximum number of processors to use in parallel
plan execution.

References
Refer to the TechNet article at http://technet.microsoft.com/en-us/library/ms189094.aspx for detailed
information.



3.6.5 Configure SQL Server Agent Job History
Purpose
The purpose of this section is to set up the SQL Server Agent job history log. The following settings have
to be configured:
jobhistory_max_rows=50000
jobhistory_max_rows_per_job=10000

Scope
Machine Configuration Required
SQL Server Yes
Front-End Web Server No
Distributed Cache Server (1) No
Back-End Server No
Search Server (1) No
(1) These servers may be required based on customer requirements

Steps
Using PowerShell script:
1. Open the PowerShell console using run as administrator option.
2. Type: Sqlps
3. Perform the following command:
Invoke-Sqlcmd -ServerInstance "WMSSQL01PDB01" -Query "EXEC msdb.dbo.sp_set_sqlagent_properties @jobhistory_max_rows=50000, @jobhistory_max_rows_per_job=10000"
Using the User Interface:
1. In Object Explorer, connect to an instance of the SQL Server Database Engine, and then expand that
instance.
2. Right-click SQL Server Agent, and then click Properties.
3. In the SQL Server Agent Properties dialog box, select the History page.
4. Choose from the following options:
a. Check Limit size of job history log
b. Enter 50000 for the maximum number of rows
c. Enter 10000 for maximum number of rows per job



References
Refer to the TechNet article at http://technet.microsoft.com/en-us/library/ms175072(v=sql.105).aspx
for detailed information.

3.6.6 Configure Maximum Memory Settings
Purpose
The purpose of this section is to restrict the amount of memory SQL Server can access and to make sure
that the operating system has enough memory to prevent paging.
The recommended setting for SQL Server max server memory is the Total Server Memory minus 4 GB
(for Operating System).

Scope
Machine Configuration Required
SQL Server Yes
Front-End Web Server No
Distributed Cache Server (1) No
Back-End Server No
Search Server (1) No
(1) These servers may be required based on customer requirements
Steps
Run the following SQL Query in SQL Query Browser:
sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
sp_configure 'max server memory', <Total Server Memory - 4 GB, expressed in MB>;
GO
RECONFIGURE;
GO
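
The max degree of parallelism setting from section 3.6.4 and the max server memory setting above can be applied and read back together. The PowerShell script below is an added example, not part of the original build guide; the function names, the local default instance ('.'), the 1024 MB sanity floor and the availability of Invoke-Sqlcmd (for example after running sqlps) are assumptions.

```powershell
# Added example, not part of the build guide. Run on the SQL Server machine as a
# member of sysadmin, in a session where Invoke-Sqlcmd is available.

function Get-SqlMaxServerMemoryMB {
    # Total physical memory minus the amount reserved for the operating system, in MB.
    param([long]$TotalPhysicalBytes, [int]$ReservedForOsGB = 4)

    $totalMB = [long][math]::Floor($TotalPhysicalBytes / 1MB)
    $maxMB   = $totalMB - ($ReservedForOsGB * 1024)
    # Assumed sanity floor: refuse to configure less than 1 GB for SQL Server.
    if ($maxMB -lt 1024) {
        throw "Only $totalMB MB installed; reserving $ReservedForOsGB GB leaves too little for SQL Server."
    }
    return $maxMB
}

function Set-SharePointSqlInstanceOptions {
    param([string]$ServerInstance = '.', [int]$ReservedForOsGB = 4)

    $totalBytes = (Get-CimInstance -ClassName Win32_ComputerSystem).TotalPhysicalMemory
    $maxMB = Get-SqlMaxServerMemoryMB -TotalPhysicalBytes $totalBytes -ReservedForOsGB $ReservedForOsGB

    # sp_configure takes 'max server memory' in MB; MAXDOP is set to 1 as section 3.6.4 requires.
    $apply = @"
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'max server memory', $maxMB;
EXEC sp_configure 'max degree of parallelism', 1;
RECONFIGURE;
"@
    Invoke-Sqlcmd -ServerInstance $ServerInstance -Query $apply

    # Read the values back; value_in_use shows what the running instance applies.
    $verify = @"
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name IN ('max server memory (MB)', 'max degree of parallelism');
"@
    Invoke-Sqlcmd -ServerInstance $ServerInstance -Query $verify
}

Set-SharePointSqlInstanceOptions | Format-Table -AutoSize
```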

References
Refer to the MSDN page at http://msdn.microsoft.com/en-us/library/ms178067.aspx for detailed
information.



3.6.7 Configure SQL Client Aliases
Purpose
SQL Client Aliases are used when there is a need to connect to a non-default port, non-default instance
or both.

Scope
Machine Configuration Required
SQL Server Yes
Front-End Web Server No
Distributed Cache Server (1) No
Back-End Server No
Search Server (1) No
(1) These servers may be required based on customer requirements

Steps
Using PowerShell script:
Open a PowerShell prompt as an Administrator and type in the following:
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo" -Name "Alias_SPDB" -PropertyType String -Value "DBMSSOCN,SQL1\SHAREPOINT,40000"
Where,
- Name is the name of the SQL client alias; this is the name to which SharePoint will connect
- Value is always DBMSSOCN, followed by the SQL instance. In the example shown, SQL1 is the server
name where SQL is installed, SHAREPOINT is the named instance and 40000 is the non-default
port. Use your own values.
Using the User Interface:
To configure a SQL Server client alias,
1. Verify that the user account that is performing this procedure is a member of either the sysadmin or
the serveradmin fixed server role.
2. Run the SQL Server Client Network Utility at C:\Windows\System32\cliconfg.exe
3. Click on the Alias tab
4. Click Add
5. Under Network libraries, select the TCP/IP radio button.
6. In the dialog box, in the Server Alias field, enter a name for the alias. For example, enter alias_SPDB.
7. In the Port No field, enter the port number for the database instance. For example, enter 40000.


8. In the Server name field, enter the name of the computer and SQL instance that is running SQL
Server. For example, SQL1\SharePoint
9. Click OK.

3.6.8 Configure SQL DNS Aliases
Purpose
A DNS alias for SQL allows greater flexibility for maintenance windows, outages, and failovers.

Scope
Machine Configuration Required
SQL Server Yes
Front-End Web Server No
Distributed Cache Server (1) No
Back-End Server No
Search Server (1) No
(1) These servers may be required based on customer requirements

Steps
The following steps assume your network is using Windows Server Active Directory DNS Server. The
steps should be similar for other systems.
1. In the DNS management console, expand the tree for the domain where the SQL server resides and
expand the Forward Lookup Zone.
2. Create a new CNAME record.
3. Specify the same name as was used for the SQL Client Alias in the previous step.
4. Point the CNAME to the SQL Server where SharePoint is hosted.

References
None.

3.6.9 Configure AlwaysOn Availability Groups
Purpose
The purpose of this section is to describe how to configure SQL Server 2012 for high availability and
disaster recovery.


The high availability will be implemented by utilizing SQL Server 2012 AlwaysOn Availability Groups in
Synchronous Commit mode.
The disaster recovery will be implemented by utilizing SQL Server 2012 log-shipping.

Scope
Machine Configuration Required
SQL Server Yes
Front-End Web Server No
Distributed Cache Server (1) No
Back-End Server No
Search Server (1) No
(1) These servers may be required based on customer requirements

Steps
High Availability Configuration
Component                                               Configuration Setting
Windows Server Failover Cluster (WSFC) Resource Group   Required
Total SQL Nodes                                         2 (two)
Storage                                                 Direct Attached or SAN
AlwaysOn Mode                                           Synchronous Commit
Failover Mode                                           Automatic
Readable Secondary                                      Disabled



[Figure: Primary Data Center. Windows Server Failover Cluster with Node #1 and Node #2 (Primary Replica and Secondary Replica) hosting Availability Groups content, search and other.]

Disaster Recovery
Component                                             Configuration Setting
Network Path to Backup                                <fill-up the value>
Local Path (on primary server) to the Backup Folder   <fill-up the value>
Backup Schedule                                       Occurs every day every 30 minutes between 00:00:00 and 23:59:00
                                                      Deleted files older than 36 hours
                                                      Alert if no backup occurs within 4 hours
Backup Compression                                    Compress Backup
Use a monitor server instance                         Disabled
Supported Databases                                   Central Administration Content database
                                                      Content databases
                                                      App Management
                                                      Search Analytics (not recommended)
                                                      Secure Store
                                                      Usage and Health (not recommended)
                                                      Subscription
                                                      Profile
                                                      Social
                                                      Managed Metadata
                                                      Taxonomy
                                                      Translation
                                                      Business Data Connectivity
                                                      Project Server
                                                      PerformancePoint
Unsupported Databases                                 SharePoint Configuration
                                                      Search Admin
                                                      Search Crawl
                                                      Search Link
                                                      Profile Sync
                                                      Word Automation
                                                      State

[Figure: Primary Data Center and Disaster Recovery Data Center. Windows Server Failover Cluster with Node #1 and Node #2 (Primary Replica and Secondary Replica) hosting Availability Groups content, search and other; Log-Shipping to Node #3 (Disaster Recovery Databases).]


References
Please configure the AlwaysOn availability groups according to
http://technet.microsoft.com/en-us/library/jj715261.aspx.
Please configure log shipping for disaster recovery solution according to
http://technet.microsoft.com/en-us/library/ms190640.aspx.



3.7 Install SharePoint Server
Note: All the service accounts specified in this section should be appropriate and well recognizable.
The installation tasks in this chapter must be executed in the order listed. All SharePoint servers can be
completed concurrently. This table provides a holistic view into this section and the subsections contain
the instructions to complete each task.

3.7.1 Verify SharePoint Service Account Access
Purpose
The purpose of this section is to verify that all accounts have appropriate rights.

Scope
Machine Configuration Required
SQL Server Yes
Front-End Web Server Yes
Distributed Cache Server (1) No
Back-End Server Yes
Search Server (1) Yes
(1) These servers may be required based on the PLA topology

Steps
1. On first SharePoint Server
a. Check if Setup User Account is a domain user.
b. Check if Setup Farm Account is a domain user.
2. On every SharePoint Server
a. Open Local users and groups configuration and check if Setup User Account is a member of
the Local Administrators group.
3. On SQL Server
a. Open Database Management Studio
b. Check if Setup User Account is a member of the DB_OWNER role
c. Check if Setup User Account is assigned the SECURITYADMIN and DBCREATOR security role.

3.7.2 Prepare SharePoint Servers
Perform the following configuration settings for all the SharePoint Servers.



Purpose
Prepares the SharePoint Server for installation.
This procedure currently requires all SharePoint machines to have Internet access.

Scope
Machine Configuration Required
SQL Server No
Front-End Web Server Yes
Distributed Cache Server (1) No
Back-End Server Yes
Search Server (1) Yes
(1) These servers may be required based on customer requirements

Steps
Execute Prerequisite Installer
1. Open the SharePoint installation folder.
2. Execute PrerequisiteInstaller.exe and follow the prompts to reboot the computer as needed. The
prerequisite installer will automatically restart after each reboot.
3. Restart computer after prerequisite installer has completed
Note: Use the workaround below if you are experiencing issues with running the SharePoint prerequisite
installer.

1. At this time it is not recommended to run the prerequisite installer in unattended mode.
2. Install .NET 2.0 and 3.x - from an elevated Windows PowerShell or Command Prompt
Dism /online /enable-feature /featurename:NetFx3 /All /Source:D:\sources\sxs /LimitAccess
Where D: is the Windows Server installation media.
3. Restart the computer
4. Open the SharePoint installation folder.
5. Execute PrerequisiteInstaller.exe and follow the prompts to reboot the computer as needed. The
prerequisite installer will automatically restart after each reboot.
6. Restart computer after prerequisite installer has completed.

To delete default IIS sites and application pools:


1. In the Internet Information Services (IIS) Manager, Click Sites.
2. Under Default Web Site, delete any default Web sites.
3. Click Application Pools.
4. Remove all application pools.

To configure IIS logging:
1. Navigate to Start | Control Panel | Administrative Tools |Internet Information Services (IIS) Manager
2. Select the Machine Name from left pane
3. Right click Logging and select Open Feature
a. One log file per: Server
b. Format: W3C
c. Select fields: check all fields except Cookie, Host, ProtocolVersion and Referrer
d. Click Apply on Left
4. Open Windows Explorer | <drive letter>:\inetpub | right click on LogFiles folder | Properties |
Advanced | check Compress contents to save disk space
5. Run IISReset.

Copy the following scripts to all SharePoint servers and schedule logsdel.cmd to run daily as system with
task scheduler. Create a folder called c:\inetpub\logs\maintenance jobs\ for both files.
The folder location here is an example; use the location that applies to your
environment.

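logsdel.cmd
rem Run logsdel.ps1 from the folder this .cmd file lives in, so the scheduled task
rem does not depend on its working directory.
powershell -NoProfile -File "%~dp0logsdel.ps1"
logsdel.ps1
# Delete IIS log files that were created more than 60 days ago.
$lgs = Get-ChildItem C:\inetpub\logs\LogFiles -Recurse
foreach ($f in $lgs)
{
    $d = ((Get-Date) - $f.CreationTime).Days
    # Skip directories; only files are deleted.
    if ($d -gt 60 -and $f.PSIsContainer -ne $True)
    { $f.Delete() }
}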



3.7.3 Configure Inbound Firewall Rules
Purpose
This step configures the Inbound Firewall Rules.

Scope
Machine Configuration Required
SQL Server No
Front-End Web Server Yes
Distributed Cache Server (1) No
Back-End Server Yes
Search Server (1) Yes
(1) These servers may be required based on customer requirements

Steps
Apply the following PowerShell script for configuring all the ports in this table:
Service Port(s)
Central Admin 443
SharePoint (intra-farm) 32843, 32844, 32845
Distributed Cache 22233, 22234, 22235, 22236
Search 16500 - 16519

1. Navigate to Start | Control Panel | Administrative Tools | Windows Firewall with Advanced Security |
Inbound Rules
2. Create new rules:
a. Inbound rule | Port | TCP | 443 | Allow the Connection| Domain | SharePoint 443
b. Inbound rule | Port | TCP | 8888 | Allow the Connection| Domain | Central Admin 8888
c. Inbound rule | Port | TCP | 32843 | Allow the Connection| Domain | SharePoint 32843
d. Inbound rule | Port | TCP | 32844 | Allow the Connection| Domain | SharePoint 32844
e. Inbound rule | Port | TCP | 32845 | Allow the Connection| Domain | SharePoint 32845
3. Open Windows Powershell and execute the following:
# SharePoint Search rule
netsh advfirewall firewall delete rule name="SharePoint Search Ports"
netsh advfirewall firewall add rule name="SharePoint Search Ports" dir=in action=allow localport="17000-17009,808,16500-16509" protocol=TCP profile=domain

# Rules for Distributed Cache (ports 22233-22236, as listed in the table above)
netsh advfirewall firewall delete rule name="AppFabric Caching Ports"
netsh advfirewall firewall add rule name="AppFabric Caching Ports" dir=in action=allow localport="22233-22236" protocol=TCP profile=domain
netsh advfirewall firewall set rule group="AppFabric Server: AppFabric Caching Service" new enable=Yes
netsh advfirewall firewall set rule name="Remote Service Management (RPC)" new enable=Yes
netsh advfirewall firewall set rule name="Remote Service Management (RPC-EPMAP)" new enable=Yes
netsh advfirewall firewall set rule name="Remote Service Management (NP-In)" new enable=Yes

# Azure Workflow rule
netsh advfirewall firewall delete rule name="Azure Workflow Ports"
netsh advfirewall firewall add rule name="Azure Workflow Ports" dir=in action=allow localport="4446,5112,9000-9003,9354,12290" protocol=TCP profile=domain
4. Configure the first cache host running the Distributed Cache service to allow Inbound ICMP (ICMPv4)
traffic through the firewall.

3.7.4 Setup SSL Certificates using IIS
Purpose
The following steps create the certificates needed for IIS on the SharePoint servers.

Scope
Machine Configuration Required
SQL Server No
Front-End Web Server Yes
Distributed Cache Server (1) No
Back-End Server Yes
Search Server (1) Yes
(1) These servers may be required based on customer requirements


Steps
1. Request SSL Certificates using IIS
a. We recommend an actual SSL certificate issued either by a corporate domain certificate
authority or a third party authority. The following process is required to generate a request
that can be submitted to a certificate authority (CA) to issue the SSL certificate. Perform this
task only once on the server designated as the Central Admin server in the farm. This step
does not apply to any other servers in the farm.
2. Complete the Certificate Request using IIS
a. When a response is returned by the CA, perform the following steps on the same machine
used to request the certificate. Perform this task only once on the server designated as the
Central Admin server in the farm. This step does not apply to any other servers in the farm
and must only be performed on the server which sent the request to the Certificate Authority.


3. Export SSL Certificate using IIS
a. Now that we have a complete SSL certificate, the next step is to export the certificate so we
can install on all other Front End servers. Use default values if not otherwise specified.
Perform this task only once on the server designated as the Central Admin server in the farm.
This step does not apply to any other servers in the farm.
4. Import SSL Certificate using IIS
a. Now that we have completed SSL certificate export, the next step is to import the certificate
so we can install on all other servers. Use default values if not otherwise specified. Perform
this task on all SharePoint servers in the farm. Copy the certificate to all SharePoint servers
before continuing.

References
Please refer to TechNet http://technet.microsoft.com/en-us/library/cc731977(v=ws.10).aspx for steps to
request certificates.
Please refer to TechNet http://technet.microsoft.com/en-us/library/cc771816(v=ws.10).aspx for steps to
complete the certificate request.
Please refer to TechNet http://technet.microsoft.com/en-us/library/cc731386(v=ws.10).aspx for steps to
complete the certificate export.
Please refer to TechNet http://technet.microsoft.com/en-us/library/cc732785(v=ws.10).aspx for steps to
complete the certificate import.

3.7.5 Install SharePoint Server 2013 Binaries
Purpose
The purpose of this section is to install SharePoint binaries on the machine. This step must be done on
every SharePoint machine.

Scope
Machine Configuration Required
SQL Server No
Front-End Web Server Yes
Distributed Cache Server (1) No
Back-End Server Yes
Search Server (1) Yes
(1) These servers may be required based on customer requirements



Steps
1. Log into the server using the SharePoint Setup Account
2. In Windows Explorer, browse to and run setup.exe with administrative privileges.
3. Type your product key.
4. Choose a Server Farm installation and Complete Server Type.
5. When the Setup program is finished, a dialog box prompts you to complete the configuration of your
server. Clear the Run the SharePoint Products and Technologies Configuration Wizard now check
box.

References
Please refer to TechNet (http://technet.microsoft.com/en-us/library/ee805948.aspx#InstallSP);
installation steps are also provided there.

3.7.6 Install Language Packs
Purpose
The purpose of this section is to install SharePoint Language Packs on the machine. This step must be
done on every SharePoint machine.

Scope
Machine Configuration Required
SQL Server No
Front-End Web Server Yes
Distributed Cache Server (1) No
Back-End Server Yes
Search Server (1) Yes
(1) These servers may be required based on customer requirements


Steps
1. Browse to the path that contains the language packs you wish to install and run the language pack.
2. Select the I accept the license terms check box, and then click Continue.
3. Follow the instructions in the wizard to install the language packs.
4. Important: Do not launch PSConfig.exe yet.



References
Please refer to TechNet http://technet.microsoft.com/en-us/library/cc262108.aspx#section4; installation
steps are also provided there.

3.7.7 Install SharePoint Server 2013 Updates
Purpose
The purpose of this section is to install SharePoint Updates on the machine. This step must be done on
every SharePoint machine.

Scope
Machine Configuration Required
SQL Server No
Front-End Web Server Yes
Distributed Cache Server (1) No
Back-End Server Yes
Search Server (1) Yes
(1) These servers may be required based on customer requirements

Steps
1. Browse to the path that contains the Update you wish to install and run the update package.
2. Select the I accept the license terms check box, and then click Continue.
3. Follow the instructions in the wizard to install the Updates.
4. Reboot the server
5. Important: Do not launch PSConfig.exe yet.

3.7.8 Install Workflow Manager
Purpose
This step installs workflow manager.

Scope
Machine Configuration Required
SQL Server No
Front-End Web Server Yes
Distributed Cache Server (1) No
Back-End Server No
Search Server (1) No
(1) These servers may be required based on customer requirements

Steps
For the streamlined install option:
1. Click the following link to download the installer: http://go.microsoft.com/fwlink/?LinkID=252092
2. The prerequisites dialog box appears. Click I accept to accept the licensing terms. A reboot may be
required.
3. The installer installs any prerequisites and then installs Workflow Manager. Click Continue to start
the Configuration Wizard.
4. Wait for the Configuration Wizard to complete and press Finish
If offline installation is needed, see the References section below.
References
MSDN: http://msdn.microsoft.com/en-us/library/windowsazure/jj193525%28v=azure.10%29.aspx.

3.7.9 Configure SharePoint Server Farm
The installation tasks must be executed in the order listed in each tier. Begin build tasks starting with the
Front End Server tier on the first server designated to host central admin. All other servers will need
to complete Join servers to the farm. This table provides a holistic view to this section and the subsections
contain the instructions to complete each task.

3.7.10 Create the Farm on the Server to Host Central Admin
Purpose
This step creates the Farm and adds the first SharePoint Server part of this farm.
Before you begin: Log into the server using the SharePoint Setup Account. See also:
http://technet.microsoft.com/en-us/library/ee662513.aspx


Scope
Machine Configuration Required
SQL Server No
Front-End Web Server Yes


Distributed Cache Server (1) No
Back-End Server Yes
Search Server (1) Yes
(1) These servers may be required based on customer requirements

Steps
1. On the server that will host Central Administration (the application server), click Start, point to All
Programs, and then click SharePoint 2013 Products, and then click SharePoint 2013 Products
Configuration Wizard. If the User Account Control dialog box appears, click Continue.
2. On the Welcome to SharePoint Products page, click Next.
3. In the dialog box that notifies you that some services might have to be restarted during configuration,
click Yes.
4. On the Connect to a server farm page, click Create a new server farm, and then click Next.
5. On the Specify Configuration Database Settings page, do the following:
a. In the Database server box, type the name of the computer that is running SQL Server.
b. In the Database name box, type a name for your configuration database, or use the default
database name. The default name is SharePoint_Config.
c. In the Username box, type the user name of the server farm account in DOMAIN\user name
format.
Important:
The server farm account is used to create and access your configuration database. It also acts
as the application pool identity account for the SharePoint Central Administration application
pool, and it is the account under which the SharePoint Timer service runs. The SharePoint
Products Configuration Wizard adds this account to the SQL Server Login accounts, the SQL
Server dbcreator server role, and the SQL Server securityadmin server role. The user account
that you specify as the service account has to be a domain user account. However, it does not
have to be a member of any specific security group on your web servers or your database
servers. We recommend that you follow the principle of least-privilege, and specify a user
account that is not a member of the Administrators group on your front-end web servers or
your database servers.
d. In the Password box, type the user password.
6. Click Next.
7. On the Specify Farm Security Settings page, type a passphrase, and then click Next.
Although a passphrase resembles a password, it is usually longer to improve security. It is used to
encrypt credentials of accounts that are registered in SharePoint 2013, for example the SharePoint
2013 system account that you provide when you run the SharePoint Products Configuration Wizard.
Ensure that you remember the passphrase, because you must use it every time that you add a server
to the farm.
Ensure that the passphrase meets the following criteria:
a. Contains at least eight characters
b. Contains at least three of the following four character groups:
i. English uppercase characters (from A through Z)
ii. English lowercase characters (from a through z)
iii. Numerals (from 0 through 9)
iv. Nonalphabetic characters (such as !, $, #, %)

8. On the Configure SharePoint Central Administration Web Application page, do the following:
a. Either select the Specify port number check box and type the port number that you want the
SharePoint Central Administration web application to use, or leave the Specify port number
check box cleared if you want to use the default port number.
Note:
If you want to access the SharePoint Central Administration website from a remote computer,
make sure that you allow access to the port number that you configure in this step. You do
this by configuring the inbound rule for SharePoint Central Administration v4 in Windows
Firewall with Advanced Security.
b. Click either NTLM or Negotiate (Kerberos).
9. Click Next.
10. On the Completing the SharePoint Products Configuration Wizard page, click Next.
11. On the Configuration Successful page, click Finish.
Note:
If the SharePoint Products Configuration Wizard fails, check the log files on the drive on which
SharePoint 2013 is installed, which are located in the %COMMONPROGRAMFILES%\Microsoft
Shared\Web Server Extensions\15\LOGS folder.
12. The Central Administration website will open in a new browser window.
On the Help Make SharePoint Better page, click one of the following options and then click OK.
a. Yes, I am willing to participate (Recommended).
b. No, I don't wish to participate.
13. On the Initial Farm Configuration Wizard page, you have the option to use a wizard to configure
services or you can decide to configure services manually. We use the manual option because we add
services later in this guide. Click Cancel.

References
More information can be found in the following TechNet article:
http://technet.microsoft.com/en-us/library/ee805948.aspx.
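
Steps 5 to 8 above can also be scripted, which lets the passphrase criteria from step 7 be enforced before the farm is created and keeps the passphrase out of plain-text files. The following is an added example, not part of the original guide; the administration content database name, the port default and the cmdlet sequence after New-SPConfigurationDatabase are assumptions that mirror what the wizard does.

```powershell
# Added example, not from the original guide: scripted form of section 3.7.10.
# Run elevated on the server that will host Central Administration, logged on
# with the SharePoint Setup Account.
param(
    [Parameter(Mandatory = $true)][string]$DatabaseServer,      # step 5a
    [string]$ConfigDatabase       = 'SharePoint_Config',        # default name from step 5b
    [string]$AdminContentDatabase = 'SharePoint_AdminContent',  # assumed name
    [int]$CentralAdminPort        = 2013,                       # assumed port (step 8a)
    [ValidateSet('NTLM', 'Kerberos')]
    [string]$AuthProvider         = 'NTLM'                      # step 8b
)

function Test-FarmPassphrase {
    # Applies the criteria of step 7: at least eight characters and at least
    # three of the four character groups.
    param([Parameter(Mandatory = $true)][System.Security.SecureString]$Passphrase)

    $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Passphrase)
    try {
        $plain  = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        $groups = 0
        if ($plain -cmatch '[A-Z]')        { $groups++ }   # English uppercase
        if ($plain -cmatch '[a-z]')        { $groups++ }   # English lowercase
        if ($plain -match  '[0-9]')        { $groups++ }   # numerals
        if ($plain -cmatch '[^A-Za-z0-9]') { $groups++ }   # anything else, such as ! $ # %
        return (($plain.Length -ge 8) -and ($groups -ge 3))
    }
    finally {
        # Wipe the unmanaged copy of the passphrase.
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
}

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop

# Step 5c/5d: server farm account in DOMAIN\user name format.
$farmAccount = Get-Credential
if (-not $farmAccount -or $farmAccount.UserName -notmatch '^[^\\]+\\[^\\]+$') {
    throw 'Enter the server farm account in DOMAIN\user name format.'
}

# Step 7: prompt without echoing, then validate before anything is created.
$passphrase = Read-Host -Prompt 'Farm passphrase' -AsSecureString
if (-not (Test-FarmPassphrase -Passphrase $passphrase)) {
    throw 'Passphrase needs 8 or more characters from at least 3 of the 4 character groups.'
}

# Steps 4 to 7: create the configuration database, which creates the farm.
New-SPConfigurationDatabase -DatabaseServer $DatabaseServer `
    -DatabaseName $ConfigDatabase `
    -AdministrationContentDatabaseName $AdminContentDatabase `
    -Passphrase $passphrase -FarmCredentials $farmAccount -ErrorAction Stop

# Tasks the wizard performs on its own after the database exists.
Install-SPHelpCollection -All
Initialize-SPResourceSecurity
Install-SPService
Install-SPFeature -AllExistingFeatures | Out-Null

# Step 8: provision Central Administration on the chosen port and provider.
New-SPCentralAdministration -Port $CentralAdminPort -WindowsAuthProvider $AuthProvider
Install-SPApplicationContent
```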



3.7.11 Bind SSL Certificate to Central Administration Site in IIS
Purpose
This step binds an SSL certificate to the SharePoint Central Administration web application. This
step must be completed once the Configuration Wizard completes.

Scope
Machine                        Configuration Required
SQL Server                     No
Front-End Web Server           Yes
Distributed Cache Server (1)   No
Back-End Server                Yes
Search Server (1)              Yes
(1) These servers may be required based on customer requirements

Steps
1. Open a command prompt and run the stsadm command: stsadm -o setadminport -ssl -port 443
2. Open IIS Manager and expand server name | Sites | SharePoint Central Administration.
3. Click the site SharePoint Central Administration and select Bindings located in the Actions pane.
4. Select the line with port 443 and select Edit.
5. Select https for Type, then select the SSL certificate to be bound.
6. Click OK.
7. Open a command prompt and reset IIS.

References
For more details about certificates and binding SSL to Central Administration, see the following blog post:
http://www.harbar.net/archive/2013/02/13/Using-SSL-for-Central-Administration-with-SharePoint-2013.aspx.
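
After step 7, the binding can be checked from PowerShell rather than by eye. The following is an added example, not part of the original guide: it reads the certificate bound to port 443 from the IIS WebAdministration provider and reports problems that would make the Central Administration site untrusted. The function name and the 30-day warning window are assumptions.

```powershell
# Added example, not from the original guide: verify the result of section 3.7.11.
# Run in an elevated PowerShell session on the Central Administration server.
Import-Module WebAdministration -ErrorAction Stop

function Test-CentralAdminCertificate {
    param(
        [int]$Port     = 443,   # port set with "stsadm -o setadminport -ssl -port 443"
        [int]$WarnDays = 30     # assumed renewal warning window
    )

    # Every certificate that HTTP.SYS has bound to the port, as exposed by IIS.
    $bindings = @(Get-ChildItem IIS:\SslBindings | Where-Object { $_.Port -eq $Port })
    if ($bindings.Count -eq 0) {
        throw "No certificate is bound to port $Port. Repeat steps 2 to 5."
    }

    foreach ($binding in $bindings) {
        $path = 'Cert:\LocalMachine\{0}\{1}' -f $binding.Store, $binding.Thumbprint
        $cert = Get-Item -Path $path -ErrorAction Stop
        $now  = Get-Date
        $findings = @()

        if (-not $cert.HasPrivateKey) { $findings += 'no private key on this server' }
        if ($cert.NotBefore -gt $now) { $findings += 'not yet valid' }
        if ($cert.NotAfter -lt $now) {
            $findings += 'expired'
        }
        elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
            $findings += "expires within $WarnDays days"
        }
        if ($cert.Subject -eq $cert.Issuer) { $findings += 'self-signed' }

        # Build the chain against the local trust stores. Revocation checking is
        # skipped so the check also completes on servers without Internet access.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        if (-not $chain.Build($cert)) {
            $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
            $findings += "chain does not validate ($status)"
        }

        [pscustomobject]@{
            Port       = $binding.Port
            Store      = $binding.Store
            Thumbprint = $binding.Thumbprint
            DnsName    = $cert.GetNameInfo('DnsName', $false)
            NotAfter   = $cert.NotAfter
            Findings   = $findings -join '; '
        }
    }
}

# An empty Findings column means the bound certificate passed every check.
Test-CentralAdminCertificate | Format-List
```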

3.7.12 Join SharePoint Servers to Farm
Purpose
This step joins additional SharePoint Servers to the farm.
Before continuing to configure the farm in Central Admin, add the other Back End Servers, Application
Search Servers and Front End Servers to the farm.



Scope
Machine                        Configuration Required
SQL Server                     No
Front-End Web Server           Yes
Distributed Cache Server (1)   No
Back-End Server                Yes
Search Server (1)              Yes
(1) These servers may be required based on customer requirements

Steps
1. Verify that the user account that is performing this procedure is the Setup user account. For
information about the Setup user account, see Initial deployment administrative and service
accounts in SharePoint 2013.
2. Start the SharePoint 2013 Products Configuration Wizard.
a. For Windows Server 2008 R2:
On the new server, click Start, point to All Programs, click Microsoft SharePoint 2013
Products, and then click SharePoint 2013 Products Configuration Wizard.
b. For Windows Server 2012:
On the new server, on the Start screen, click SharePoint 2013 Products Configuration Wizard.
If SharePoint 2013 Products Configuration Wizard is not on the Start screen:
c. Right-click Computer, click All apps, and then click SharePoint 2013 Products Configuration
Wizard.
3. On the Welcome to SharePoint Products page, click Next.
4. On the Connect to a server farm page, click Connect to an existing server farm.
5. Click Next.
6. On the Specify Configuration Database settings page, type the name of the instance of SQL Server in
the Database server box, and then click Retrieve Database Names.
7. Select the name of the configuration database in the Database name list, and then click Next.
8. On the Specify Farm Security Settings page, type the farm passphrase in the Passphrase
box, and then click Next.
9. On the Completing the SharePoint Products Configuration Wizard page, click Next.
10. On the server that hosts Central Administration, click Manage servers in this farm to verify that the
new server is part of the farm.
Note:
You can also verify a successful server addition or troubleshoot a failed addition by examining the log
files. These files are located on the drive on which SharePoint 2013 is installed, in
the %COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\LOGS folder. For
more information, see Monitor health in SharePoint 2013.
11. On the Servers in Farm page, click the name of the new server. Use the list of available services on
the Services on Server page to start the services that you want to run on the new server.
12. Configure SharePoint 2013 so that the new server can accommodate the role for which it was
intended. For more information, see Configure the new server.

References
For more details about joining a SharePoint Server to the farm, see the following TechNet article:
http://technet.microsoft.com/EN-US/library/cc261752.aspx.

3.7.13 Enable Licensing
Purpose
Farm administrators now can assign licenses to users and enable license checks. This SharePoint Server
license implementation is managed by using Windows PowerShell. By default, licensing is disabled in
SharePoint Server. Administrators can opt to enable it by using a PowerShell script.

Scope
Machine                        Configuration Required
SQL Server                     No
Front-End Web Server           Yes
Distributed Cache Server (1)   No
Back-End Server                Yes
Search Server (1)              Yes
(1) These servers may be required based on customer requirements


Steps
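Execute the following script to enable licensing:
# Load the SharePoint cmdlets when not running in the SharePoint 2013 Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
# Claim that represents every authenticated Windows user
$allAuthUsers = New-SPClaimsPrincipal -Identity "NT Authority\Authenticated Users" -IdentityType WindowsSecurityGroupName
# For each web application, remove the existing mappings and map all authenticated users to the Enterprise license
Get-SPWebApplication | select Url | %{
    Get-SPUserLicenseMapping -WebApplication $_.Url | Remove-SPUserLicenseMapping -Confirm:$false
    New-SPUserLicenseMapping -Claim $allAuthUsers -License "Enterprise" -WebApplication $_.Url | Add-SPUserLicenseMapping
}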



References
Please refer to TechNet for steps to enable licensing:
(http://technet.microsoft.com/en-us/library/jj219627.aspx#proc1).

3.7.14 Registering Managed Accounts
Purpose
This step adds and registers the additional accounts in the farm.

Scope
Machine                        Configuration Required
SQL Server                     No
Front-End Web Server           Yes
Distributed Cache Server (1)   No
Back-End Server                Yes
Search Server (1)              Yes
(1) These servers may be required based on customer requirements

Steps
1. Navigate to Central Administration | Security | Configure Managed Accounts
2. Ensure that the following accounts are registered.
a. SharePoint Farm Account
b. SharePoint Web Application Pool Account
c. Service Application App Pool Account
d. Unattended Service Account
e. Search Content Access Account
f. AD Import Account
g. Workflow Manager Service Account
3. Navigate to Central Administration | Security | Manage Farm Administrators

References
None.
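
The registration check in step 2, together with the least-privilege recommendation for the server farm account in section 3.7.10, can be verified with a script. The following is an added example, not part of the original guide: it compares the registered managed accounts with an expected list and, going one step beyond the guide's recommendation for the farm account, flags any of them that is a direct member of the local Administrators group. The function names and the CONTOSO account names are constructed placeholders.

```powershell
# Added example, not from the original guide. Run in an elevated SharePoint 2013
# Management Shell on each SharePoint server in the farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-LocalAdministratorMember {
    # Resolve the group through its well-known SID so that the lookup also
    # works on Windows versions where the group has a localized name.
    $sid   = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
    $name  = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/$name,group"

    # Only direct members are returned; membership through a nested domain
    # group is not expanded and has to be reviewed separately.
    foreach ($member in @($group.psbase.Invoke('Members'))) {
        $path = $member.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        # WinNT://DOMAIN/user becomes DOMAIN\user
        ($path -replace '^WinNT://', '') -replace '/', '\'
    }
}

function Test-ManagedAccountBaseline {
    param([Parameter(Mandatory = $true)][string[]]$ExpectedAccount)

    $registered  = @(Get-SPManagedAccount | ForEach-Object { $_.Username })
    $localAdmins = @(Get-LocalAdministratorMember)

    # One row per account that is either expected or actually registered.
    foreach ($account in ($ExpectedAccount + $registered | Sort-Object -Unique)) {
        [pscustomobject]@{
            Account            = $account
            Expected           = $ExpectedAccount -contains $account
            Registered         = $registered -contains $account
            LocalAdministrator = $localAdmins -contains $account
        }
    }
}

# Constructed account names, one per entry in step 2 (a to g); replace them
# with the accounts created for this farm.
$expected = @(
    'CONTOSO\sp_farm',        # SharePoint Farm Account
    'CONTOSO\sp_webapp',      # SharePoint Web Application Pool Account
    'CONTOSO\sp_services',    # Service Application App Pool Account
    'CONTOSO\sp_unattended',  # Unattended Service Account
    'CONTOSO\sp_crawl',       # Search Content Access Account
    'CONTOSO\sp_adimport',    # AD Import Account
    'CONTOSO\sp_workflow'     # Workflow Manager Service Account
)

Test-ManagedAccountBaseline -ExpectedAccount $expected | Format-Table -AutoSize
```

Rows with Expected true and Registered false are accounts still to be registered; rows with Registered true and Expected false are accounts nobody planned for; LocalAdministrator true marks an account to review against the least-privilege recommendation.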



3.7.15 SharePoint Server Start Services on Server by Tier
Important: Follow the instructions carefully for configuring services to get the farm up and running in an
efficient manner. In order to ensure that nothing is missed it is recommended that each section relating
to service configuration be performed in the order presented.
Note: We do not list the User Profile Service as being activated on all Back End servers in the table below.
The service is not started until after the sync service is configured. Only activate the User Profile Service
instance on the server that you designate to run the User Profile Synchronization Service.
In Central Administration, go to System Settings | Servers | Manage services on server
Note: A drop-down at the top of the list allows you to switch from server to server, so all servers
previously added to the farm can be configured from any one SharePoint server. Start the service on each
machine as noted in the tables below.
Note: The Search Service will automatically be started when the Search Service application is provisioned.

Purpose
This step starts the different SharePoint services on the server. Please check server and service location
when starting the service. Services are started from the SharePoint Central Administration.

Scope
Machine                        Configuration Required
SQL Server                     No
Front-End Web Server           Yes
Distributed Cache Server (1)   No
Back-End Server                Yes
Search Server (1)              No
(1) These servers may be required based on customer requirements

Steps
1. Go to Central Administration
2. Navigate to Central Administration | Application | services on server
3. In the selection box on the right side, select the server that the table below lists in the Tier column.
4. Start the services listed for that tier in the Services column of the table.

Note: The table below is an example of how you could start the services on the different server
roles. The services that will be running on the Front End and Back End servers can be run on either the
Front End servers, the Back End servers or both (more resiliency). The choice depends on the
requirements of the customer and the sizing of the different servers. A proper test plan will need to
determine the load each server can handle while running the different services and handling user
requests.

Tier Services
Front End Start the following services for the servers:
Access Services
App Management Service
Application Discovery and Load Balancer Service
Business Data Connectivity Service
Claims to Windows Token Service
Excel Calculation Service
Managed Metadata Service
Microsoft SharePoint Foundation Administration
Microsoft SharePoint Foundation Incoming E-Mail
Microsoft SharePoint Foundation Sandboxed Code Service
Microsoft SharePoint Foundation Subscription Settings Service
Microsoft SharePoint Foundation Time
Microsoft SharePoint Foundation Web Application
Performance Point Service
Search Query and Site Settings Service
Secure Store Service
User Profile Service
Visio Graphics Service
Distributed Cache
Request Management

Distributed Cache Start the following services for the servers:
Distributed Cache

Note: This distributed cache tier needs to be configured only if this
dedicated tier is required.


Search The following services will be started automatically by the Search Service
Application:

Search Host Controller Service
Search Query and Site Settings Service
SharePoint Server Search

Back End Start the following services for the servers:

User Profile Synchronization
Central Administration
Word Automation Services
Work Management Service
Machine Translation Service
Microsoft SharePoint Foundation Workflow Timer Service
Document Conversions Launcher Service
Document Conversions Load Balancer Service
Search Host Controller Service
SharePoint Server Search



3.7.16 Provision Distributed Cache Server
Purpose
The Distributed Cache service will now be added to the servers designated as the Distributed Cache
hosts. Repeat the following steps on each server designated to host the Distributed Cache service in the
farm.
This step is required if a separate Distributed Cache Server is part of the customer requirements.

Scope
Machine                        Configuration Required
SQL Server                     No
Front-End Web Server           No
Distributed Cache Server (1)   Yes
Back-End Server                No
Search Server (1)              No
(1) These servers may be required based on customer requirements

Steps
Repeat the following on each server to add the Distributed Cache service:
Open the SharePoint 2013 Management Shell (Run As Administrator), and then edit and execute the
following PowerShell command:
Add-SPDistributedCacheServiceInstance

References
The complete syntax can be found in the following MSDN article:
http://technet.microsoft.com/en-us/library/jj730445.aspx.



3.7.17 De-Provision Distributed Cache Server on other servers
Purpose
The Distributed Cache service was added to initial configuration via the configuration wizard. We will
now de-provision the Distributed Cache hosts from the other servers.
This step is required if a separate Distributed Cache Server is part of the customer requirements.

Scope
Machine                        Configuration Required
SQL Server                     No
Front-End Web Server           Yes
Distributed Cache Server (1)   No
Back-End Server                Yes
Search Server (1)              Yes
(1) These servers may be required based on customer requirements

Steps
Repeat the following on each server to remove the Distributed Cache service:
Open the SharePoint 2013 Management Shell (Run As Administrator), and then edit and execute the
following PowerShell command:
Remove-SPDistributedCacheServiceInstance

References
The complete syntax can be found in the following MSDN article:
http://technet.microsoft.com/EN-US/library/jj730452.aspx.

3.7.18 Change the Memory Allocation of the Distributed Cache Service
Purpose
This step changes the configuration for the Distributed Cache service.
This step is required if a separate Distributed Cache Server is part of the customer requirements.

Scope
Machine                        Configuration Required
SQL Server                     No
Front-End Web Server           No
Distributed Cache Server (1)   Yes
Back-End Server                No
Search Server (1)              No
(1) These servers may be required based on customer requirements

Steps
Note: The cache size listed here is an example only based on the customer requirements.
1. Stop the Distributed Cache Service on all cache hosts in the farm
a. Open the Central Administration and then go to Services on Server
b. Stop the Distributed Cache service on all the servers hosting Distributed Cache
2. Reconfigure the cache size of the Distributed Cache service
a. Run the following command one time only on any cache host
b. Open the SharePoint 2013 Management Shell (Run As Administrator), and then edit and
execute the following:
Update-SPDistributedCacheSize -CacheSizeInMB 11264
Note: The cache size should be changed to meet your requirements
3. Restart the Distributed Cache service on all cache hosts
a. Open the Central Administration and then go to Services on Server
b. Start the Distributed Cache service on all cache hosts in the farm.

References
For guidance on how much cache to allocate, please see the following TechNet article:
http://technet.microsoft.com/en-us/library/jj219613.aspx#memory.

3.7.19 Create Service Applications in SharePoint Farm
The service accounts and application pool for the service applications must be created prior to provisioning
the service applications. Please make sure that you create these up front with logical and
well-recognizable names.



3.8 Configure Service Applications in SharePoint Farm
3.8.1 Configure Access Services
Refer to the guide available at http://www.microsoft.com/en-us/download/details.aspx?id=30445 for
detailed information about how to configure Access Services.

3.8.2 Configure Subscription Settings and App Management Service
Purpose
Apps rely on the Microsoft SharePoint Foundation Subscription Settings service applications. These
service applications use the multi-tenancy features to provide app permissions and create the
subdomains for apps. Therefore, even if you are not hosting multiple tenants, you must still establish a
name for the default tenant for your environment (any SharePoint site that is not associated with a
tenant will be in the default tenant).
Scope
Machine                        Configuration Required
SQL Server                     No
Front-End Web Server           Yes
Distributed Cache Server (1)   No
Back-End Server                No
Search Server (1)              No
(1) These servers may be required based on customer requirements

Steps
Basically the steps consist of the following:
1. On your DNS Servers:
a. Create a forward lookup zone for your SharePoint apps
b. Create a CNAME alias from the app domain to the SharePoint domain
c. Create a wildcard SSL certificate for the new app domain
2. On your SharePoint Servers:
a. Configure the Subscription Settings service application by using PowerShell
b. Configure the App Management service application (Central Administration or Windows
PowerShell)
c. Configure the App URLs in Central Administration



References
All detailed steps can be found in this TechNet article:
http://technet.microsoft.com/en-us/library/fp161236.aspx.

3.8.3 Configure Business Connectivity Services
Business Connectivity Services is a centralized infrastructure in SharePoint 2013 and Office 2013 that
enables you to integrate data that is not in SharePoint products and Office 2013 into SharePoint
products and Office 2013.
Note that there are some prerequisites for deploying a Business Connectivity Services
on-premises solution in SharePoint 2013.

Purpose
This step configures the Business Data Connectivity Services in the SharePoint Farm.

Scope
Machine                        Configuration Required
SQL Server                     No
Front-End Web Server           Yes
Distributed Cache Server (1)   No
Back-End Server                No
Search Server (1)              No
(1) These servers may be required based on customer requirements

Steps
1. Create database logins for a Business Connectivity Services on-premises solution in SharePoint 2013
2. Start the Business Data Connectivity service for a Business Connectivity Services on-premises
solution in SharePoint 2013
3. Create the Business Data Connectivity service application in SharePoint 2013
4. Set permissions on the BCS Metadata Store for a Business Connectivity Services on-premises solution
in SharePoint 2013
5. Configure the Secure Store Service for a Business Connectivity Services on-premises solution in
SharePoint 2013
6. Create an external content type for a Business Connectivity Services on-premises solution in
SharePoint 2013
7. Configure permission on an external content type for a Business Connectivity Services on-premises
solution in SharePoint 2013
8. Create an external list for a Business Connectivity Services on-premises solution in SharePoint 2013
9. Manage user permissions on an external list for a Business Connectivity Services on-premises
solution in SharePoint 2013
10. Connect an external list to Outlook for a Business Connectivity Services on-premises solution in
SharePoint 2013
11. Verify offline access and synchronization of external data in Outlook for a Business Connectivity
Services on-premises solution in SharePoint 2013

References
All detailed steps can be found in the following TechNet article:
http://technet.microsoft.com/en-us/library/jj219584.aspx.

3.8.4 Configure Excel Services
The settings provided may change depending on the customer requirements.

Purpose
This step configures the Excel Service in the SharePoint Farm.

Scope
Machine                        Configuration Required
SQL Server                     No
Front-End Web Server           Yes
Distributed Cache Server (1)   No
Back-End Server                No
Search Server (1)              No
(1) These servers may be required based on customer requirements

Steps
1. Configure the application pool account
2. Register a managed account
3. Grant content database access to the managed account
4. Start the Excel Calculation Services service
5. Create an Excel Services service application



References
All detailed steps can be found in the following TechNet article:
http://technet.microsoft.com/en-us/library/jj219698.aspx.

3.8.5 Configure Machine Translation Service
Machine Translation is used to quickly translate documents from one language to another.

Purpose
This step configures the Machine Translation Service in the SharePoint Farm.

Scope
Machine                        Configuration Required
SQL Server                     No
Front-End Web Server           No
Distributed Cache Server (1)   No
Back-End Server                Yes
Search Server (1)              No
(1) These servers may be required based on customer requirements

Steps
To create a Machine Translation service application by using Central Administration
1. Verify that the user account that is performing this procedure is a member of the Farm
Administrators SharePoint group and the Administrators group on the computer that is running
Central Administration.
2. On the Central Administration home page, in the Application Management section, click Manage
service applications.
3. On the ribbon, click New, and then click Machine Translation Service.
4. In the Create New Machine Translation Service Application pane, in the Name section, type a name
for the service application.
5. In the Application Pool section, do one of the following:
a. Click Use existing application pool, and then select the application pool that you want to use
from the drop-down list.
b. Click Create a new application pool, type the name of the new application pool, and then
under Select a security account for this application pool do one of the following:
i. Click Predefined to use a predefined security account, and then select the security
account from the drop-down list.
ii. Click Configurable to specify a new security account to be used for an existing
application pool. You can create a new account by clicking the Register new managed
account link.
Important:
The account that is used by the application pool must also have Full Control permissions to the User
Profile service application. If you create a new application pool and a new account, make sure that
you add the account to the list of accounts that can use the User Profile Service Application, and
grant Full Control permissions to the account. For more information, see Restrict or enable access to
a service application (SharePoint 2013).
6. In the Partitioned Mode section, select Run in partitioned mode only if you will be providing hosting
services for other sites, and the sites using it have site subscriptions.
7. In the Add to Default Proxy List section, select Add this service application's proxy to the farm's
default proxy list. If you have multiple Web applications, and want them to use different sets of
services, clear this check box.
8. In the Database section, specify the database server, database name, and authentication method for
the new service application.
9. Click OK.
10. Start the Machine Translation Service.

References
More details can be found in the following TechNet article:
http://technet.microsoft.com/en-us/library/jj553772.aspx.

3.8.6 Configure Managed Metadata Service
Purpose
This step configures the Managed Metadata Service in the SharePoint Farm.

Scope
Machine                        Configuration Required
SQL Server                     No
Front-End Web Server           Yes
Distributed Cache Server (1)   No
Back-End Server                No
Search Server (1)              No
(1) These servers may be required based on customer requirements



Steps
1. Open Central Administration
2. Click on Manage service applications which is available in the Application Management section
3. In the ribbon interface click on the Service Applications tab. In the Create group click on the drop
down arrow in the New button and click Managed Metadata Service.
4. Enter an appropriate and recognizable Service Application Name. Specify the Database Server name
and a new appropriate and recognizable Database Name.
5. Select Create new application pool and enter an appropriate and recognizable Application pool
Name.
6. Select the Managed Account from the Configurable dropdown
7. Select Report syndication import errors from Site Collections using this service application. This
ensures that if an error occurs when a web application consumes the content types that are
shared by this service, it is recorded in the error log of the consuming site collection as
well as in the error log of the publishing site collection.
8. Select Add this service application to the farm's default list so that this service application will be
automatically added to the default proxy group
9. Click OK.

References
More information can be found in the following TechNet article:
http://technet.microsoft.com/en-us/library/ee424403.aspx.

3.8.7 Configure PerformancePoint Service
Purpose
This step configures the PerformancePoint Service in the SharePoint Farm.

Scope
Machine                        Configuration Required
SQL Server                     No
Front-End Web Server           Yes
Distributed Cache Server (1)   No
Back-End Server                No
Search Server (1)              No
(1) These servers may be required based on customer requirements



Steps
Use the following procedure to create the service application.
1. In Central Administration, in the Application Management section, click Manage Service
Applications.
2. Click New, and then click PerformancePoint Service Application.
3. Type a name for the service application and select the Add this service application's proxy to the
farm's default proxy list check box.
4. Select the Create new application pool option and type a name for the application pool.
5. Under the Configurable option, select the managed account to run the application pool.
6. Click Create.
7. Click OK.

References
More information can be found in the following TechNet article:
http://technet.microsoft.com/en-us/library/ee748644.aspx.

3.8.8 Configure Search Service Application
Purpose
This step configures the Search Service in the SharePoint Farm.
Scope
Machine                        Configuration Required
SQL Server                     No
Front-End Web Server           No
Distributed Cache Server (1)   No
Back-End Server                Yes
Search Server (1)              No
(1) These servers may be required based on customer requirements

Steps
The following steps outline the main tasks to be completed:
1. Create the accounts that are required for a SharePoint Search service application
2. Create the SharePoint Search service application
3. Configure the SharePoint Search service application
4. Configure the SharePoint Search service application topology



References
All detailed steps can be found in the following TechNet article:
http://technet.microsoft.com/en-us/library/gg502597(v=office.15).

3.8.9 Configure Secure Store Service
Purpose
This step configures the Secure Store Service in the SharePoint Farm.

Scope
Machine                        Configuration Required
SQL Server                     No
Front-End Web Server           Yes
Distributed Cache Server (1)   No
Back-End Server                No
Search Server (1)              No
(1) These servers may be required based on customer requirements

Steps
To configure Secure Store, you basically perform the following steps:
1. Register a managed account in SharePoint Server 2013 to run the Secure Store application pool.
2. Start the Secure Store Service on an application server in the farm.
3. Create a Secure Store Service service application.
4. Finally, generate an encryption key that is used to encrypt and decrypt the credentials that
are stored in the Secure Store Service database.

References
All detailed steps can be found in the following TechNet article:
http://technet.microsoft.com/en-us/library/ee806866.aspx.

3.8.10 Configure User Profile Services
Purpose
This section describes the configuration required for user profile services.



Scope
Machine                        Configuration Required
SQL Server                     No
Front-End Web Server           Yes
Distributed Cache Server (1)   No
Back-End Server                No
Search Server (1)              No
(1) These servers may be required based on customer requirements

Steps
1. Verify that the user account that completes this procedure is a member of the Farm Administrators
SharePoint group.
2. Start SharePoint 2013 Central Administration.
3. On Central Administration, in the Application Management section, click Manage service
applications.
4. On the Manage Service Applications page, click the Service Applications tab to enable the ribbon.
5. In the Create group of the ribbon, click New, and then click User Profile Service Application in the
list of service applications to create.
6. In the Create New User Profile Service Application dialog box, in the Name section, type a unique
name for the User Profile service application.
7. In the Application Pool section, select Use existing application pool to choose an existing application
pool from the list or select Create a new application pool to create a new application pool.
8. In the Application Pool section, for the Select a security account for this application pool option,
select Predefined to choose an existing predefined security account from the list or select
Configurable to choose an existing managed account.
9. In the Profile Database section, in the Database Server box, type the name of the database server
where you want to create the profile database. In the Database Name box, type the name that you
want to use for the profile database.
10. In the Profile Database section, for the Database authentication option, select Windows
Authentication (recommended) to use Integrated Windows authentication to connect to the profile
database or select SQL authentication to enter the credentials that will be used to connect to the
profile database.
11. In the Failover Server section, in the Failover Database Server box, type the name of the database
server to be used together with SQL Server database mirroring.
12. In the Synchronization Database section, in the Database Server box, type the name of the database
server where you want to create the synchronization database. In the Database Name box, type the
name of the synchronization database.
Note: Only ASCII characters are allowed for the synchronization database name.
Note: If connecting to an existing or restored synchronization database, you must wait at least 2
minutes after you start the Sync service before importing the FIM key.
13. In the Synchronization Database section, for the Database authentication option, select Windows
Authentication (recommended) to use Integrated Windows authentication to connect to the
synchronization database or select SQL authentication to type the credentials that will be used to
connect to the synchronization database.
14. In the Failover Server section, in the Failover Database Server box, type the name of the database
server to be used together with SQL Server database mirroring.
15. In the Social Tagging Database section, in the Database Server box, type the name of the database
server where the social tagging database will be located. In the Database Name box, type the name
of the database where social tags will be stored.
16. In the Social Tagging Database section, for the Database authentication option, select Windows
Authentication (recommended) to use Integrated Windows authentication to connect to the social
tagging database or select SQL authentication to type the credentials that will be used to connect to
the social tagging database.
17. In the Failover Server section, in the Failover Database Server box, type the name of the database
server that you want to use with SQL Server database mirroring.
Important: In the Profile Synchronization Instance section, ignore this setting because this selection
is ignored when profile synchronization is configured.
18. In the My Site Host URL section, type the URL of the site collection where the My Site Host is
provisioned.
19. In the My Site Managed Path section, type the managed path where you want to create individual
My Sites.
Note: Self-service site creation can be enabled for the web application that hosts My Sites. Users
must have the Create Personal Site permission to create their own My Site. By default, this permission
is enabled in SharePoint Server 2013 for all authenticated users. Confirm that this default is
appropriate for the organization. Alternatively, use one or more security groups to grant the Create
Personal Site permission to a subset of users in the organization.
20. In the Site Naming Format section, select one of the following formats for naming new personal
sites:
a. User name (do not resolve conflicts)
b. User name (resolve conflicts by using domain_user name)
c. Domain and user name (will not have conflicts)
21. In the Default Proxy Group section, select whether you want the proxy of this User Profile service
application to be a part of the default proxy group on this farm.

References
All detailed steps can be found in the following TechNet article:
http://technet.microsoft.com/EN-US/library/ee721052.aspx.



3.8.11 Configure Visio Graphics Service
Purpose
This step configures the Visio Graphics Service in the SharePoint Farm.

Scope
Machine                      Configuration Required
SQL Server                   No
Front-End Web Server         Yes
Distributed Cache Server¹    No
Back-End Server              No
Search Server¹               No
¹ These servers may be required based on customer requirements

Steps
1. Verify that you are a member of the farm administrators group or a Visio Services service
application administrator.
2. On the SharePoint Central Administration website Home page, in the Application Management
section, click Manage service applications.
Important:
Visio Services in SharePoint Server 2013 requires the SharePoint Server Enterprise Site Collection
Features feature to be active on each site collection where you plan to use the Visio Web Access
Web Part.
3. On the ribbon, click New, and then click Visio Graphics Service.
4. Type a name for the new service application.
5. Choose an existing application pool or create a new one.
6. Choose to create a Visio Graphics Service Application Proxy (recommended).
7. Click OK.
8. On the SharePoint Central Administration website Home page, in the Application Management
section, click Manage service applications.
9. Click the Visio Graphics Service service application that you want to configure.
10. On the Visio Graphics Service Settings page, configure the following settings:
Parameter: Description

Maximum Diagram Size: The maximum size in MB of a diagram that can be rendered. A larger size limit
may lead to slower performance if the server is under heavy load, whereas a smaller limit may prevent
more complex diagrams from being rendered. Valid values range from 1 to 50. The default value is 25 MB.

Minimum Cache Age: The minimum number of minutes that a diagram is cached in memory. Smaller values
allow for more frequent data refresh operations for users, but increase CPU and memory usage on the
server. This value is per user per diagram. The interval begins when a user views a diagram. That
user cannot refresh that diagram until the interval expires. The interval begins for other users
when they first view the diagram. This parameter applies to diagrams with data connections and
diagrams with recalculations based on shape sheet functions. The automatic refresh setting in
Visio Web Parts is also constrained by this setting. Valid values range from 0 to 34560 minutes.
The default value is 5 minutes.

Maximum Cache Age: The number of minutes after which cached diagrams are purged. Larger values
decrease file I/O and CPU load but increase memory usage on the server. Valid values range from 0 to
34560 minutes. The default value is 60 minutes.

Maximum Recalc Duration: The number of seconds before data refresh operations time out. Longer
timeouts will allow for more complex data connected diagrams to be recalculated, but will use more
processing power. This applies only to data connected diagrams. This parameter applies to diagrams
with data connections and diagrams with recalculations based on shape sheet functions. Valid values
range from 10 to 120. The default value is 60 seconds.

Maximum Cache Size: The maximum cache size in MB (between 100 and 1024000) that can be used. A larger
size limit may lead to more disk resource usage by the service, while a smaller limit may impact
performance. Valid values range from 100 to 1024000. The default value is 5120 MB.

External Data: The target application ID in the registered Secure Store Service that is used to
reference Unattended Service Account credentials. The Unattended Service Account is a single account
that all documents can use to refresh data. It is required when you connect to data sources external
to SharePoint Server, such as SQL Server.

11. Click OK.
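The settings from step 10 can also be applied from the SharePoint 2013 Management Shell. The following is an added example, not part of the original guide: the function name Set-VisioServiceLimit and its parameter names are hypothetical, the ranges and defaults are the ones listed in step 10, and the check that Minimum Cache Age does not exceed Maximum Cache Age is an added sanity check that the guide does not state.

```powershell
# Added example (not from the original guide). Run in the SharePoint 2013
# Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Set-VisioServiceLimit {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$ServiceApplicationName,
        # Ranges and defaults below mirror the table in step 10.
        [ValidateRange(1, 50)][int]$MaxDiagramSizeMB = 25,
        [ValidateRange(0, 34560)][int]$MinCacheAgeMinutes = 5,
        [ValidateRange(0, 34560)][int]$MaxCacheAgeMinutes = 60,
        [ValidateRange(10, 120)][int]$MaxRecalcSeconds = 60,
        [ValidateRange(100, 1024000)][long]$MaxCacheSizeMB = 5120,
        # Secure Store target application ID for the Unattended Service Account.
        [string]$UnattendedAccountAppId
    )

    # Added sanity check; this rule is an assumption, not stated in the guide.
    if ($MinCacheAgeMinutes -gt $MaxCacheAgeMinutes) {
        throw "Minimum Cache Age ($MinCacheAgeMinutes) exceeds Maximum Cache Age ($MaxCacheAgeMinutes)."
    }

    $app = Get-SPVisioServiceApplication -Identity $ServiceApplicationName
    if (-not $app) {
        throw "Visio Graphics Service application '$ServiceApplicationName' not found."
    }

    if ($PSCmdlet.ShouldProcess($ServiceApplicationName, 'Apply Visio Graphics Service settings')) {
        Set-SPVisioPerformance -VisioServiceApplication $app `
            -MaxDiagramSize $MaxDiagramSizeMB `
            -MinDiagramCacheAge $MinCacheAgeMinutes `
            -MaxDiagramCacheAge $MaxCacheAgeMinutes `
            -MaxRecalcDuration $MaxRecalcSeconds `
            -MaxCacheSize $MaxCacheSizeMB

        if ($UnattendedAccountAppId) {
            Set-SPVisioExternalData -VisioServiceApplication $app `
                -UnattendedServiceAccountApplicationID $UnattendedAccountAppId
        }
    }

    # Return the settings now in effect so they can be recorded in the build log.
    Get-SPVisioPerformance -VisioServiceApplication $app
}

# Dry run with a placeholder name; remove -WhatIf to apply.
# Set-VisioServiceLimit -ServiceApplicationName '<Visio service application name>' -MaxDiagramSizeMB 10 -WhatIf
```

Out-of-range values are rejected by parameter validation before any farm setting is touched.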

References
More information about creating and configuring Visio Service can be found in the following TechNet
articles: http://technet.microsoft.com/EN-US/library/ee524058.aspx and
http://technet.microsoft.com/en-us/library/ee524061.aspx.

3.8.12 Configure Word Automation Services
Purpose
This step configures the Word Automation Service in the SharePoint Farm.

Scope
Machine                      Configuration Required
SQL Server                   No
Front-End Web Server         Yes
Distributed Cache Server¹    No
Back-End Server              No
Search Server¹               No
¹ These servers may be required based on customer requirements



Steps
1. Verify that you are a member of the Farm Administrators group.
2. On the Central Administration Home page, in the Application Management section, click
Manage service applications.
3. On the ribbon, click New, and then click Word Automation Services.
4. In the Name section, type a name for the new service application.
5. In the Application Pool section, choose an existing application pool, or create a new one by
typing its name in the text box.
6. In the Application Pool section, choose an appropriate account from the Configurable drop-down list.
7. In the Partitioned Mode section, clear the Run in partitioned mode check box.
8. In the Add to Default Proxy List section, select the Add this service application's proxy to the
farm's default proxy list check box.
9. Click Next.
10. In the Database section, type the name of the database and type the default database server where
that database is installed.
11. In the Database Authentication section, choose Windows authentication.
12. Click Finish.

References
More information can be found in the following blog post:
http://blogs.office.com/b/microsoft-word/archive/2012/09/26/what-s-new-in-word-automation-services.aspx.

3.8.13 Configure Work Management Service
Purpose
This step configures the Work Management Service in the SharePoint Farm. The Work Management
Service application provides functionality to aggregate tasks in a central place.

Scope
Machine                      Configuration Required
SQL Server                   No
Front-End Web Server         Yes
Distributed Cache Server¹    No
Back-End Server              No
Search Server¹               No
¹ These servers may be required based on customer requirements

Steps
1. Verify that the Work Management Service Application has Full Control permissions on the User
Profile Service.
2. On the Central Administration Home page, in the Application Management section, click
Manage service applications.
3. On the ribbon, click New, and then click Work Management Service Application.
4. In the Name section, type a name for the new service application.
5. In the Application Pool section, choose an existing application pool, or create a new one by
typing its name in the text box.
6. In the Application Pool section, choose an appropriate account from the Configurable drop-down list.
7. Make sure the Create a proxy for this service application check box is selected.
8. Click OK.

References
More information can be found in the following TechNet article:
http://technet.microsoft.com/en-us/library/jj554516.aspx.

3.8.14 Configure Usage and Health Data Collection Service
The database server, database names, and the days retained may need to be updated to meet the
functional requirements of the customer.

Purpose
This step configures the Usage and Health Data Collection Service in the SharePoint Farm.

Scope
Machine                      Configuration Required
SQL Server                   No
Front-End Web Server         No
Distributed Cache Server¹    No
Back-End Server              Yes
Search Server¹               No
¹ These servers may be required based on customer requirements



Steps
1. Verify that you are a member of the Farm Administrators group.
2. In Central Administration, on the home page, click Monitoring.
3. On the Monitoring page, in the Reporting section, click Configure usage and health data collection.
4. On the Configure usage and health data collection page, in the Usage Data Collection section, select
the Enable usage data collection check box.
5. In the Event Selection section, select the check boxes of the events that you want to log. Logging
uses system resources and can affect performance and disk usage. Only log those events for which
you want regular reports. For impromptu reports or investigations, enable logging for events, and
then disable logging for the events after the report or investigation is complete. For more
information, see Configure usage data collection for events by using Windows PowerShell.
6. In the Usage Data Collection Settings section, type the path of the folder to which you want usage
and health information to be written in the Log file location box. The path that you specify must
exist on each server in the farm. These settings are applied to all events.
7. In the Health Data Collection section, select the Enable health data collection check box. To change
the collection schedules, click Health Logging Schedule. You can see a list of timer jobs that collect
health data. Click any of the timer jobs to change its schedule, or disable that timer job. If you disable
a timer job, it stops collecting corresponding health data. For more information, see Timer job
reference (SharePoint 2013).
8. To change log collection schedules, click Log Collection Schedule, and then click any of the timer jobs
to change its schedule, or disable that timer job. If you disable a timer job, it stops collecting
corresponding log data.
9. In the Logging Database Server section, to change the authentication method, select either the
Windows authentication or SQL authentication option. To change the Database Server and
Database Name values, you must use Windows PowerShell. For more information, see Log usage
data in a different logging database by using Windows PowerShell.
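Steps 4 to 6 and the database change in step 9 can be scripted. The following is an added example, not part of the original guide: it checks that the log folder exists on every SharePoint server before enabling usage logging, because step 6 requires the path on each server in the farm. The function names and parameter names are hypothetical, PowerShell remoting to each farm server is assumed to be enabled, and the DaysRetained value of 14 is an assumed starting point to be replaced with the customer's retention requirement.

```powershell
# Added example (not from the original guide). Run in the SharePoint 2013
# Management Shell as a farm administrator. Assumes PowerShell remoting.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-UsageLogPath {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Path)
    # Database servers are listed with Role 'Invalid'; skip them.
    Get-SPServer | Where-Object { $_.Role -ne 'Invalid' } | ForEach-Object {
        $exists = Invoke-Command -ComputerName $_.Address -ArgumentList $Path `
            -ErrorAction Stop -ScriptBlock {
                param($p) Test-Path -LiteralPath $p -PathType Container
            }
        New-Object psobject -Property @{ Server = $_.Address; Exists = [bool]$exists }
    }
}

function Enable-UsageLogging {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$LogPath,
        [string[]]$EventName = @(),     # usage definitions to log (step 5)
        [int]$DaysRetained = 14,        # assumed value; set per customer requirements
        [string]$DatabaseServer,        # step 9: only changeable from PowerShell
        [string]$DatabaseName
    )

    # Step 6: refuse to continue if any server lacks the folder.
    $missing = @(Test-UsageLogPath -Path $LogPath | Where-Object { -not $_.Exists })
    if ($missing.Count -gt 0) {
        $names = ($missing | ForEach-Object { $_.Server }) -join ', '
        throw "Log path '$LogPath' does not exist on: $names"
    }

    if ($PSCmdlet.ShouldProcess('Usage and Health Data Collection', 'Enable usage logging')) {
        Set-SPUsageService -LoggingEnabled $true -UsageLogLocation $LogPath
        foreach ($name in $EventName) {
            Set-SPUsageDefinition -Identity $name -Enable -DaysRetained $DaysRetained
        }
        if ($DatabaseServer -and $DatabaseName) {
            $usageApp = Get-SPUsageApplication
            Set-SPUsageApplication -Identity $usageApp `
                -DatabaseServer $DatabaseServer -DatabaseName $DatabaseName
        }
    }
}

# Dry run with placeholder values; remove -WhatIf to apply.
# Enable-UsageLogging -LogPath '<log folder>' -EventName '<event name>' -WhatIf
```

Use Get-SPUsageDefinition to list the event names available in the farm before choosing which ones to enable.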

References
More information can be found in the following TechNet article:
http://technet.microsoft.com/en-us/library/ee663480.aspx.
