Deploying SharePoint 2019: Installing, Configuring, and Optimizing for On-Premises and Hybrid Scenarios

© Vlad Catrinescu and Trevor Seward 2019

Vlad Catrinescu and Trevor SewardDeploying SharePoint 2019https://doi.org/10.1007/978-1-4842-4526-2_1

1. Introduction to SharePoint 2019

Vlad Catrinescu¹  and Trevor Seward²

(1)

Greenfield Park, QC, Canada

(2)

Sultan, WA, USA

In this chapter, we will introduce SharePoint 2019, a bit of history about where is SharePoint coming from, and Microsoft’s goals for the 2019 version. We will also have a high-level overview of the new features in SharePoint 2019 as well as a few features that are deprecated, or no longer available.

A Bit of SharePoint History

SharePoint 2019 is the seventh version of SharePoint Server that Microsoft shipped to the public. First introduced in 2001, SharePoint Portal Server (the name back then) was nowhere as popular as it is now. It took a few versions, but starting with Office SharePoint Server 2007 (MOSS), SharePoint went from a CD Microsoft gave away, including 25 user licenses, to one of Microsoft’s most lucrative products. After innovating SharePoint with every release ever since, there are now over 250,000 organizations, including 85% of the Fortune 500.

While for the past few years, Microsoft’s primary focus has been to innovate SharePoint Online, part of Office 365, there are still many customers that use SharePoint Server for their collaboration needs, and Microsoft hasn’t forgotten them. Microsoft still brings new features to the cloud first, and sometimes to the cloud only, and with every On-Premises release since SharePoint 2016, most features are packaged into a version of SharePoint On-Premises.

SharePoint Server 2016 is the first version of SharePoint Server that was born in the cloud, and it has brought down many improvements to on-premises that were created and tested in the cloud. Some of those features include the MinRole topology, Zero Downtime Patching, common binaries and updates with Project Server and more. SharePoint 2016 brought many performance and stability improvements to on-premises, but a lot of business users were not impressed with the little number of new features aimed at business users.

Before talking about what is new in SharePoint 2019, let’s take a trip back in time, and look at what were the principal features released in every version of SharePoint since the beginning. In Figure 1-1, you can view a bit of SharePoint history and the important features that each version introduced.

Figure 1-1

A small history of new features in every SharePoint version

While SharePoint Server 2019 still brings some new features for IT Professionals, most new functionality in this version is for end users. Let’s look more in detail at what this version of SharePoint has to offer!

What’s New in SharePoint Server 2019

If you have been following big announcements in Office 365 for the past few years, it will be quite easy to understand what Microsoft has prepared for us in SharePoint Server 2019!

Modern SharePoint Experiences

After being used by millions of users in Office 365, the most significant evolution to SharePoint in recent years has finally made it On-Premises. Modern SharePoint Experiences include Modern SharePoint Team Sites and Communication Sites, as well as the new experience in both lists and document libraries. Let’s take a more in-depth look at each one of those experiences

Modern SharePoint Team Sites

The first pillar of modern SharePoint experiences is the Modern Team Sites seen in Figure 1-2. Modern Team Sites are responsive by default, include an out of the box news publishing engine, allowing users to share news with the rest of the team. Unlike Office 365 where most Modern Team Sites are connected to an Office 365 Group, on-premises Modern Team Sites do not need any integration with Exchange to function correctly.

Figure 1-2

Modern Team Sites

Modern SharePoint Communication Sites

The next pillar of modern SharePoint experiences is Modern Communication Sites. Communication Sites are sites that are mainly used to share news, policies, and information to the users that are included. SharePoint Server 2019 includes three different templates of Communication Sites: Blank, Topic, and Showcase. You can view a Modern Communication Site in Figure 1-3.

Figure 1-3

Modern Communication Site

Modern Lists and Libraries

Digging deeper into our sites, SharePoint Server 2019 also brings support for modern SharePoint lists and libraries. Modern SharePoint Libraries, seen in Figure 1-4, allows users to quickly view information about their documents, including permissions and metadata. Another useful Office 365 feature brought over to SharePoint 2019 are the Move To and Copy To actions, allowing users to quickly change the location of a document to a more appropriate one.

Figure 1-4

Modern Document Library

Modern SharePoint lists in SharePoint 2019 also include the Conditional Formatting feature seen in Figure 1-5. Conditional Formatting allows Power Users to configure different display rules for specific columns, to quickly view the status of that item.

Figure 1-5

Conditional Formatting

Modern Search Experience

The last piece of modern SharePoint to make it On-Premises in SharePoint Server 2019 is Modern Search. The Modern Search experience, seen in Figure 1-6 makes it easier for users to find documents, list items and people inside the SharePoint environment.

Figure 1-6

Modern Search in SharePoint 2019

The SharePoint Home

Our next new significant feature in SharePoint On-Premises is the SharePoint Home. The SharePoint Home, seen in Figure 1-7, brings all the news from Team Sites and Communication Sites together in a single location. All the sites you follow are also brought together, including activity from each site and quick access to your favorite sites.

Figure 1-7

The SharePoint Home

Improved SharePoint Framework Support

Another new feature in this version of SharePoint is that SharePoint Server 2019 now supports SharePoint Framework 1.4.1 to allow developers to create modern web parts that work for both SharePoint Online, as well as SharePoint On-Premises. With SharePoint Server 2019, developers can use Webhooks for list items, SharePoint Framework Client Side web parts and extensions in modern experiences, as well as Asset packaging and automatic JavaScript file hosting from app catalog.

OneDrive Synchronization with the New OneDrive Client

SharePoint Server 2019 allows organizations that are running on-premises SharePoint to profit from the latest improvements in OneDrive and Windows 10. SharePoint 2019 works with the latest version of OneDrive, also known as Next Generation Sync Client (NGSC) and supports the latest innovations in windows such as Files on Demand

Deprecated and Removed Features

While SharePoint Server 2019 brings us some fantastic new features, we also lost a few. Most of those features we could see coming in advance, as they have been deprecated or removed already from Office 365. In this section, we will only overview the list of features and specify the chapter in which their implications will be explained in more detail.

Note

In software terms, deprecation is a status applied to features to indicate that they should be avoided, typically because there is a better way to do the same functionality. Those features are still available in SharePoint Server 2019, mainly for backward compatibility, to give enterprises time to replace them with new tools. Those features will eventually be entirely removed from future versions of SharePoint.

Access Services 2010 and 2013

Access Services 2010 and 2013 allowed users to view Access Database files directly in the browser. Access Services 2013 also allowed users to create custom Access Applications that could be consumed through SharePoint as the one seen in Figure 1-8. While in Office 365, those services are not supported anymore, they are deprecated, but still part of SharePoint Server 2019.

Figure 1-8

Access Services in SharePoint 2016

InfoPath Services

InfoPath allows Power Users and Developers to create custom forms for SharePoint lists. With InfoPath 2013 being the last version of InfoPath, the associated InfoPath Services in SharePoint 2019 are now also deprecated.

Machine Translation and Variations

The Machine Translation Service which allowed users to translate sites automatically and pages to another language is now deprecated in SharePoint Server 2019. Variations are also still supported but deprecated in this version of SharePoint.

PerformancePoint Services

PerformancePoint allowed Business Intelligence specialists to create powerful dashboards and reports and display them inside of SharePoint. With the platform relying heavily on Silverlight and more modern options available such as Power BI Server, PerformancePoint Services have been deprecated in SharePoint 2019.

Site Mailbox

The Site Mailbox allowed SharePoint Team Sites to have a shared mailbox that could be consumed by the members of the site directly from SharePoint as seen in Figure 1-9. This feature has been removed from Office 365, and it’s still included, but deprecated, in SharePoint Server 2019.

Figure 1-9

Site Mailbox

Sandbox Solutions with Code

Sandbox solutions that include code have been removed in SharePoint Online since 2016, and the limitation now applies to SharePoint Server 2019 as well. SharePoint 2019 still allows you to create declarative sandbox solutions.

Multi-tenancy

First introduced in SharePoint 2013, multi-tenancy allowed you to use SharePoint On-Premises as a multi-tenant platform. This feature has been completely removed from SharePoint Server 2019, and customers that need this feature will need to remain on SharePoint Server 2016.

PowerPivot Gallery

With the release of more modern options such as Power BI Server On-Premises available to users, Microsoft has completely removed the PowerPivot Gallery in SharePoint Server 2019.

SSRS Integrated Mode

SharePoint-Integrated Mode SSRS Installs are no longer available in SharePoint Server 2019. You can still install SSRS in Native Mode with better integration than before.

Silverlight Rendering in Visio Services

With Silverlight being a platform of the past and support ending on October 12, 2021, Silverlight Based Rendering in Visio Services is now entirely removed from SharePoint Server 2019.

Some Notes and Next Steps

Now that we are familiar with what improvements SharePoint Server 2019 has to offer, in the next chapter, we will learn how to design our SharePoint 2019 farm topology to achieve maximum performance and stability with a variety of potential options.

As you will see throughout the book, both authors will share a lot of PowerShell scripts with you, and we all know that copying PowerShell from a book doesn’t always give the best results! Most of the scripts in this book are available on GitHub at the following link: https://github.com/Apress/deploying-sharepoint-2019 ! Make sure to download them all as those scripts will be useful for your life as a SharePoint 2019 administrator!

© Vlad Catrinescu and Trevor Seward 2019

Vlad Catrinescu and Trevor SewardDeploying SharePoint 2019https://doi.org/10.1007/978-1-4842-4526-2_2

2. Designing a Physical Architecture

Vlad Catrinescu¹  and Trevor Seward²

(1)

Greenfield Park, QC, Canada

(2)

Sultan, WA, USA

In this chapter, we will be reviewing physical architectures for SharePoint Server 2019, as well as networking, virtualization, and other farm considerations.

Decisions on architectures are dependent on content size, concurrent user support, overall user count, and of course monetary considerations. While this book will cover a highly available architecture with disaster recovery, many architectures remain valid for a variety of use cases and should be designed with your use case and requirements in mind.

SharePoint Server 2019 Farm Architecture

Choosing a farm architecture is a difficult decision, more so when SharePoint has never been previously deployed to the environment.

Deciding on a farm architecture largely relies on these factors:

Monetary investments available for hardware and software licensing

High availability and disaster recovery requirements (RTO/RPO)

Anticipated content size

Overall user count

Anticipated concurrent user count

Provisioned services

All of these play a factor in determining hardware and software requirements. For enterprises implementing a SharePoint farm for the first time, the anticipated content size and concurrent user count may not be easily determined, but there are load generation tools which this chapter will touch on to assist in determining what may be appropriate.

SharePoint Server can represent a significant monetary cost. Hardware requirements are on the upper end of many Document Management Systems. Each SharePoint Server must be licensed, along with each SharePoint User. Another licensing point to consider is SQL Server, and as SharePoint Server 2019 does not support SQL Express, the only option is the licensed editions of SQL Server.

Creating a highly available SharePoint farm will also raise costs not only in initial investment, but also in operational costs. The more servers and services there are to manage, the more expensive the farm becomes over time.

Which services are provisioned in the farm will also impact performance. In a farm where you have over 500 million items to crawl, it is necessary to provision a new Search Service Application. If you have additional Search Service Applications, you may also want to provision additional SharePoint Servers to handle that load.

Microsoft introduced the concept of MinRole and Zero Downtime patching. With MinRole, customers can focus on which service applications to deploy while not having to worry about where its dependent service instances will have to be started. It also automatically starts these services when they would be stopped accidentally. MinRole provides the best service placement based on Microsoft’s experience with SharePoint Online. MinRole service placement cannot be changed as it is defined in code. This may be an important consideration if you want to run any custom services within the farm. Zero Downtime patching allows for patching of a SharePoint farm without taking the farm offline, but Zero Downtime patching does not prevent any one particular server in the farm from going offline; for example, a SharePoint patch may require a reboot. This means that for effective high availability, all services within the farm must be allocated to at least two servers.

Tip

Information about each MinRole and the associated services can be found at https://docs.microsoft.com/en-us/sharepoint/administration/description-of-minrole-and-associated-services-in-sharepoint-server-2016 .

With this data in hand, a better determination can be made as to what your farm should look like.

When a server is out of compliance with a specific MinRole, it will be notated in Central Administration under Manage Servers in Farm, as shown in Figure 2-1, as well as for the specific service in Manage Services in this Farm.

Figure 2-1

Compliant role information in Central Administration

Dedicated MinRole requires a minimum of eight servers within the SharePoint farm to keep all services highly available, while shared MinRole requires four servers. High Availability will be covered further in Chapter 17.

With the basic concepts of farm architecture, the next step in the architecture process is reviewing the hardware and software requirements for SharePoint Server 2019.

Hardware and Software Requirements

SharePoint Server 2019 hardware requirements remain largely unchanged from SharePoint Server 2013 and 2016, and any production hardware provisioned for SharePoint Server 2013 or 2016 can be used with SharePoint Server 2019, as noted in Table 2-1. These are minimum requirements. Production deployments often require significantly higher specifications.

Table 2-1

Hardware Requirements

SharePoint Server 2019 can be installed on Windows Server 2016 Standard or Datacenter, as well as Windows Server 2019 Standard or Datacenter. SharePoint Server 2019 requires Desktop Experience; Windows Server Core and containers are not supported.

Each SharePoint Server requires the following prerequisites:

Active Directory Rights Management Services Client 2.1

Cumulative Update 7 for AppFabric 1.1 for Windows Server

Microsoft .NET Framework 4.7

Microsoft Identity Extensions

Microsoft Information Protection and Control Client

Microsoft ODBC Driver 11 for SQL Server

Microsoft Sync Framework Runtime v1.0 SP1 (x64)

SQL Server 2012 SP4 Native Client

Visual C++ Runtime Package for Visual Studio 2012

Visual C++ Runtime Package for Visual Studio 2017

WCF Data Services 5.6

Windows Server AppFabric 1.1

Supported versions of SQL Server are SQL Server 2016 and SQL Server 2017, Standard and Enterprise editions.

The choice for using SQL Server Standard or Enterprise will largely come down to what method of SQL Server High Availability will be used for the farm.

Virtualization plays an important role in today’s data center as well as the cloud; next we will take a look at virtualization options, as well as restrictions with regards to SharePoint Server 2019.

Virtualization

Microsoft fully supports virtualizing SharePoint Server and SQL Server on Hyper-V and other hypervisors, such as VMware ESXi, via the Server Virtualization Validation Program at www.windowsservercatalog.com/svvp.aspx . For SharePoint Server, there are restrictions on supported virtualization technologies.

Virtualization is an important technology in today’s world, providing greater density in the enterprise environment. It is important to thoroughly test performance of the underlying host hardware in order to properly plan the layout and configuration of virtual machines. For example, placing SQL Server virtual disks on the same LUN as a SharePoint Server may not be appropriate, or allocating a large number of vCPUs when a SharePoint Server may only require four vCPUs, thereby causing CPU oversubscription and reducing overall performance.

Virtualization Limitations and Restrictions

Dynamic memory techniques, which adjust the amount of virtual RAM allocated based on the load of the virtual machine, such as Hyper-V Dynamic Memory or VMware Memory Ballooning, are not supported by SharePoint Server. The Distributed Cache service and Search Server Service create memory allocations based on the memory available when those respective services start. If memory is removed from the system below the amount of memory allocated when the SharePoint Server has started, these two services would be unaware of that change in allocation and cannot adjust their memory quotas appropriately.

Differencing disks are virtual disks that multiple virtual machines may use as a base. For example, a virtual disk with Windows Server 2016 and the appropriate SharePoint Server 2019 prerequisite installed could serve as that base, and each SharePoint Server virtual machine would have its own, separate virtual disk where changes would take place. This can cause performance penalties for SharePoint Server, thus Microsoft does not support them.

Online virtual machine backups are backups of an entire virtual machine, including virtual machine configuration as well as any virtual disks. The operating system in the virtual machine, as well as any applications, is unaware of the online backup. Microsoft does not support these operations with SharePoint Server as online backups do not happen at exactly the same time throughout the farm. This could lead to inconsistencies between farm members if the backups were to be restored, including inconsistencies between the SharePoint Servers and SQL Server databases.

Like online virtual machine backups, online checkpoints, also called snapshots, are also not supported by Microsoft for the same reason. Not only do checkpoints present the same issue of farm consistency during a checkpoint rollback, but they may lead to performance issues, as checkpoints generate a new differencing virtual disk for any changes after the checkpoint was taken.

Replication of SharePoint Server virtual machines is not supported. This includes any form of replication, such as Hyper-V Replica, VMware vSphere Replication, or even Storage Area Network (SAN) block level or file level replication.

Time synchronization services at the virtual machine level should be disabled. The Windows virtual machine will then leverage an authoritative time source within the domain, either the Active Directory Domain Controller with the PDC Emulator FSMO role, or another Domain Controller member server. This ensures time is consistent between SharePoint servers within the farm.

Networking plays a very important role with SharePoint, and next we will examine the required ports for SharePoint as well as networking bandwidth and latency limitations.

Network Requirements

Microsoft recommends the use of the Windows Firewall when possible. With this in mind, and with the potential of other firewalls between SharePoint farm members, SQL Servers, and/or Domain Controllers, it is important to make sure the appropriate ports are open for SharePoint to operate properly. SharePoint will automatically create the Windows Firewall rules when SharePoint is installed. Review Table 2-2 for the ports required by SharePoint and related services.

Table 2-2

Ports Required for SharePoint

SharePoint Server requires that all servers in the farm are connected with at least 1Gbps network connectivity and 1ms response time over an average of ten minutes. Latency can be measured using any preferred tool, including ping, Psping, Hrping, and others. Microsoft does expect some latency above 1 ms due to various factors, including the use of virtualization or switch fabrics adding latency. The latency limits a SharePoint member server placement to 186 miles (299 km) from each other in a vacuum; however, given that we do not live in a vacuum, the distance may be significantly reduced. Microsoft highly discourages stretched SharePoint farms, although if you do meet the requirement, they are supported.

Like SharePoint Servers in the farm, the SQL Servers must also have 1 ms or less latency to each SQL Server running in a synchronous form of replication, as well as the SharePoint servers that the SQL Servers are supporting. This means a SQL Server using AlwaysOn Availability Groups in Synchronous mode will likely need to be within a very short distance of one another.

SharePoint is heavily dependent on a healthy Active Directory forest. Domain Controllers for all domains from which SharePoint users and services reside in should be close to the SharePoint farm, preferably within 1ms RTT and connected with at least 1Gbps connectivity. Each Active Directory Domain should have two or more Domain Controllers for high availability.

Chapter 3 will discuss in further depth how Active Directory is secured for the SharePoint Server 2019 farm.

Note

Psping is a Microsoft Sysinternals Utility available from https://docs.microsoft.com/en-us/sysinternals/downloads/psping . Hrping is available from CFOS Software at www.cfos.de .

Network Load Balancers

Network Load balancers are key to providing high availability to SharePoint for your end users. While many load balancers offer SSL Offloading, this should be avoided where possible. Using SSL Offloading removes the encryption on the load balancer and sends the resulting request in clear text to the target services, such as SharePoint. SharePoint uses OAuth tokens for a variety of purposes, such as communicating with Office Online Server, Workflow Manager, and SharePoint Add-ins. OAuth tokens are plain text and rely on transport security, such as SSL, in order to remain secure. While SSL Offloading no longer provides a performance advantage in terms of CPU utilization on a server with a modern AMD or Intel processor, it can reduce the impact of the SSL handshake, which can add up to a few hundred milliseconds. Browsers will reuse the HTTP session, which may reduce the likelihood of another SSL handshake from being required. SSL Offloading may also be used for traffic inspection, looking for exploits, data validation, and so on.

In either case, explore using SSL Bridging instead of SSL Offloading. SSL Bridging decrypts the end user’s SSL session at the load balancer and re-encrypts the SSL session from the load balancer to the SharePoint server. This allows the load balancer to reuse the SSL sessions and reduce the impact of any SSL handshake.

With networking requirements restrictions and load balancer options covered, we will take a look at the Active Directory service accounts that SharePoint requires.

Service Accounts

Guidance for Service Accounts varies. In this book, we will be taking the minimalist approach, which has proven performance benefits and no known security risks. There are four recommended Managed Accounts for SharePoint; the Farm Account, Service Application, Web Application Pool Account, and Claims to Windows Token Service account. In addition, non-Managed Accounts include a Crawl Account (for Search), User Profile Synchronization (for the AD Import synchronization connection), Portal Super User (for Publishing), and Portal Super Reader (for Publishing). SQL Server should leverage a Managed Service Account. Not to be confused with a SharePoint Managed Service Account, Active Directory Managed Service Accounts provide significant benefits, such as automatic password rollover, locking the account to be used with particular servers, and prevention of use of the credential to log in interactively.

Tip

Find more information on Group Managed Service Accounts at https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview .

Each account has a specific purpose and supports various services of the SharePoint environment as outlined in Table 2-3.

Table 2-3

Service Account Rights