Chapter 7 Application Management and Configuration 195 Figure 7-2 Creating a new Web application on the Application Management page 3. Select Create A New Web Application to open the Create A New Web Application page. Creating a New Web Application Through SSP Creation To create a Web application when you create a new SSP, complete the following steps: 1. On the Application Management page in Central Administration, in the Office SharePoint Server Shared Services section, select Create Or Configure This Farm’s Shared Services to open the Manage This Farm’s Shared Services page. 2. To create an SSP, select New SSP. 3. On the New Shared Services Provider page (shown in Figure 7-3), assign a unique identifier to the provider in the SSP Name box, click Create A New Web Applica- tion, and click OK to open the Create New Web Application page. Figure 7-3 Creating a new Web application when creating the SSP Assigning a Port Number or Host Header On the Create New Web Application page (see Figure 7-4), your application is automati- cally allocated a random port number, a description, and a folder location in the default local path. By default, this path is C:\Inetpub\wwwroot\wss\VirtualDirectories \portnumber. You are not, by default, given a host header value. Therefore, add it in the 196 Part II Administrating and Configuring Your Implementation Host Header box if you want to use a fully qualified domain name, such as http:// portal.contoso.msft, as well as a port number to access this Web application. Therefore, in order to connect to the Web application using the random port number, you would use http://portal.contoso.msft:46189. You must ensure that this host header URL is resolved by your users. Normally, this is achieved by adding an entry into DNS pointing the URL to the Web server. Note If you want to use port 80 and host headers for your Web applications, make sure you leave the IIS IP settings set to All Unassigned. Figure 7-4 Choosing a port and host header Best Practices Name your Web application descriptions and paths with a log- ical naming convention to easily identify them in the folder structure and in IIS. For example, instead of using “SharePoint (9845)” as the description, use “Corpo- rate Portal (9845)”, and do the same for the path. Choosing a Security Configuration On the Create New Web Application page, there are two authentication protocols avail- able for a Web application: Kerberos and NTLM. By default, it is set to NTLM authentica- tion for maximum compatibility with mixed-domain models and user account permissions, as shown in Figure 7-5. Web applications use these security mechanisms when they communicate with other servers and applications in the network, such as when communicating with the Microsoft SQL server hosting the databases. Chapter 7 Application Management and Configuration 197 Figure 7-5 Security configuration options for a Web application Kerberos authentication is more secure than NTLM authentication, but it requires a ser- vice principal name (SPN) for the domain account that SharePoint is using. This SPN, which must be added by a member of the domain administrators group, enables the SharePoint account to use Kerberos authentication. More Info For more information on configuring a Kerberos service principal name for the domain user account, refer to the Microsoft Knowledge Base article located at http://support.microsoft.com/?id=832769. When you choose NTLM authentication, it does not matter which domain account is being used by the Web application to communicate with the application pool because the application pool will run as long as it has the required permissions to access the SQL server and the Web server. The required SQL permissions for a Web application account are configured in the Security Logins page on the SQL server’s Enterprise Manager con- sole. The required roles are as follows: ■ Database Creator Role ■ Security Administrator Also in the Security Configuration section of the Create New Web Application page, you can enable anonymous access on the Web application, which enables users to gain access to the sites hosted on the Web application without authenticating. You must, however, also enable anonymous access on the site itself because enabling it on the Web applica- tion only gets the users past IIS authentication. This is a useful configuration for any Internet-facing sites, such as a company Web site. To enable Anonymous access in a site, follow these steps: 1. Click Site Actions. 2. Click Site Settings. 3. Click Modify all Settings. 198 Part II Administrating and Configuring Your Implementation 4. Click Advanced Permissions. 5. Click Settings. 6. Click Anonymous Access to define the access rights for Anonymous users. For added security, you can also enable Secure Sockets Layer (SSL) certificates on the Web application. You can choose to use certificates from both your internal certificate authority or from an authorized certificate authority such as Thawte or VeriSign. You must install the SSL certificate, however, on all servers where users will be accessing the Web application or their access attempt will fail. More Info For more information on creating an SSL certificate, see the Microsoft Knowledge Base article located at http://suppor t.microsoft. com/kb/ 299875/en-us. Creating a Load-Balanced URL When you configure a load-balanced URL, it becomes the default URL with which users access the sites hosted on this Web application. To add a load-balanced URL, complete the following steps: Note Adding a host header automatically populates the load-balanced URL. 1. On the Create New Web Application page, scroll down to the Load Balanced URL section, shown in Figure 7-6. Figure 7-6 Creating a load-balanced URL 2. Add your load-balanced URL by using the fully qualified domain that will be used by your users—for example, http://portal.contoso.msft. A load-balanced URL is used when configuring multiple front-end servers that are load- balanced using the Windows Server 2003 Network Load-Balancing Service. The Network Load-Balancing Service enables administrators to create a cluster IP address that will be shared by all front-end servers’ network cards configured in the load-balancing configu- ration. See Chapter 6, “Performing Central Administration and Operations Configura- tion,” for more information on configuring the Network Load-Balancing Service. For your users to connect to the clustered IP address, however, you should also define a load-bal- anced URL both here in the Web application and on your DNS servers so that the name resolutions match. Chapter 7 Application Management and Configuration 199 The load-balanced URL uses the default zone for user access, and this zone is matched to the URL mappings that are configured for the default zone configured in Central Admin- istration. To configure the URL mappings, complete the following steps: 1. On the Central Administration Home page, click the Operations tab. 2. On the Operations page, click Alternate Access Mappings in the Global Configura- tion section to open the Alternate Access Mappings Management page. 3. Click Add Incoming URLs. 4. Select the Web application hosting the load-balanced URL. 5. Add the load-balanced URL to the incoming URL. 6. Leave the zone set to Default. 7. Click Save. More Info See Chapter 6 for more information on Alternate Access Mappings and Zones. Configuring the Application Pool An application pool is used to configure a level of isolation between different Web appli- cations and their hosted sites. Each application pool is serviced by its own worker pro- cess (w3wp.exe). This means if one worker process hangs it will not affect other worker processes hosting different application pools. Planning You do not need to create a new application pool for every Web application because Web applications can share application pools, and each new application pool can easily consume 100 MB and more of physical memory once users start connecting to Web sites hosted on the Web applications. Only create new application pools when a site collection must have higher levels of resilience and its own physical set of memory resources. What type of install you have chosen determines how many application pools are created by default. Unless you have created a Standalone (Basic) installation, you will need to cre- ate at least one application pool for hosting the SSP and one for hosting the first Web application and its associated sites. When creating a new application pool, use a mean- ingful descriptive name to make it easy to identify in IIS. This naming strategy is espe- cially useful in a disaster recovery scenario when you might have multiple application pools and random port numbers. 200 Part II Administrating and Configuring Your Implementation When selecting a security account that will be used by the application pool, you can either choose a predefined local or network service account, or you can create and assign your own service account, as shown in Figure 7-7. In most cases, you will want to create and assign your own service account because it gives you the most flexibility for scaling out a server farm: ■ Local Service is an account that has low-level access rights on the server and is useful when you do not need to connect to resources on remote computers. This is suit- able only on a standalone installation with SharePoint and SQL Server on the same server. ■ Network Service is also a low-level access rights account, but it also has the ability to connect to remote resources. ■ Configurable allows you to assign a domain user account you created as the service account that will be used by the application pool to access the necessary services and servers, such as an SQL database. This account should be configured with the following rights: ❑ Naming format of domainname\username ❑ Local Administrator on the SharePoint server ❑ SQL database creator and security administrator server role Figure 7-7 Creating a new application pool Reset Internet Information Services Select Restart IIS Automatically so that an iisreset is performed on all Web servers after the new Web application has been replicated. See Figure 7-8. Warning If you do not select restart IIS automatically, then you will have to manually go to each Web server and run iisreset /noforce before the new sites are available to be used. Chapter 7 Application Management and Configuration 201 Figure 7-8 Reseting Internet Information Services on the Web servers Database Name and Authentication By default, the database server name presented is the SQL server configured in Central Administration and is the one used when you first installed the product and configured your farm. It is possible to specify a different SQL Server instance for a Web application. To configure the database name and authentication method, complete the following steps: 1. Scroll down the Create New Web Application page to the Database Name And Authentication section, shown in Figure 7-9. Figure 7-9 Specifying the database server and name 2. Change the Database Server if it is different than the default. 3. Choose a name for the new database, and type it in the Database Name box. 4. Select a Database Authentication method. The default is Windows Authentication. Best Practices Always name your databases with a useful description so that you can easily identify the database in backup and restore situations. For exam- ple, if this Web application was going to manage the My Corporate Portal site, you could call the database Corp_Content rather than the default of WSS_Content. When configuring the database account, use Windows authentication and, by default, your SQL server will be set to accept only Windows authentication for security purposes. This account must have Create and Modify database rights in the SQL server and use the format of domainname\username. 202 Part II Administrating and Configuring Your Implementation Search Server As shown in Figure 7-10, a Web application will use the search server that has been con- figured for the Office SharePoint Server Search service that is configured on the Services On Server page, as discussed in Chapter 6. Figure 7-10 The search server using the Office SharePoint Server Search service Assigning Additional Worker Processes to an Application Pool A simple way to add resilience and enhance performance for an application pool is to cre- ate additional worker processes associated with that application pool. All Web applica- tions and their sites will benefit from this additional availability of resources. In IIS 6.0, an application pool configuration that is supported by multiple worker processes is known as a Web garden. Creating additional worker processes creates additional w3wp.exe pro- cesses running in your operating system. You can see in Figure 7-11 that currently there are two w3wp.exe worker processes running on the SharePoint Server 2007 server. Note Create an additional worker process per 600 MB of physical memory. For example, if you have 1.5 GB of free memory at peak use of the server, you could create two additional worker processes on the server. Figure 7-11 Two worker processes Chapter 7 Application Management and Configuration 203 To create a Web garden and see the effect it has on the amount of available w3wp.exe pro- cesses, complete the following steps: 1. Open Internet Information Services Manager from your administrator tools on the SharePoint Server 2007 server where you want the additional worker processes to be created. This should be the server your users are connecting to, such as a front- end server. 2. Expand Application Pools. 3. Right-click the application pool to be configured and select Properties. 4. Select the Performance tab, shown in Figure 7-12. Under the Web Garden section, set the Maximum Number Of Worker Processes to 4. Figure 7-12 Adding more worker processes 5. Click Apply and then click OK. 6. Close the IIS Manager. 7. Open a command prompt and type IISRESET. Configuration is now complete. When the Web application that uses the application pool has multiple connections associated with it, multiple worker processes will be launched up to a maximum of four, as shown in Figure 7-13. 204 Part II Administrating and Configuring Your Implementation Note The fifth worker process shown is for the application pool running Central Administration. Figure 7-13 A Web garden with four worker processes running When a Web garden is running, each process is allocated its own memory space. This means that if you allocate 800 MB of memory to the application pool and then set up a Web garden with three processes, the application pool will divide the memory usage of 800 MB between the three processes. Provisioning a Web Application After you create a Web application, you have three options for provisioning it: ■ Option 1 Extend the Web application, and create a new site collection. ■ Option 2 Return to Central Administration, and create a new SSP. ■ Option 3 Extend the Web application, and map it to an existing site collection. Creating a New Site Collection Creating a new site collection allows you to select a template and extend the Web appli- cation with a site template. There are many new templates included with SharePoint Server 2007, and they are divided into four tabbed choices. Table 7-1 describes each of the tabs. To create a new site collection on a free Web application and choose a template, complete the following steps: 1. Go to Central Administration, and select the Application Management page. 2. Select Create Site Collection in the SharePoint Site Management section. 3. Give the site collection a title, URL, and administrator account. [...]... Overview of Knowledge Network for SharePoint Server 2007 298 Installing and Configuring Knowledge Network for SharePoint Server 2007 298 Summary 30 6 This chapter will cover the following three fundamental areas of architecting and designing your Microsoft Office SharePoint Server 2007 deployment: ■ Taxonomy ■... targeting throughout your SharePoint Sites If you previously worked with SharePoint Portal Server 20 03, you might already be familiar with the concept of Shared Services The main difference between the Shared Services model of SharePoint Portal Server 20 03 and SharePoint Server 2007 is flexibility In SharePoint Server 2007, Web applications can easily be associated with any SSP configured in your farm and... other users who share the same distribution lists or SharePoint sites This chapter also introduces Knowledge Network (KN), an extension to the core social networking features of SharePoint Server 2007 that is being offered as an add-on to SharePoint Server 2007 KN will greatly enhance and extend the social networking aspects of your SharePoint Server 2007 deployment by tapping into key user resources,... SharePoint Services, which is available from the Microsoft download center at http://www .microsoft. com/downloads It is not advisable to have the HTML Viewer service running on the same server as the SharePoint front-end servers because of the strain that can be put on the servers’ resources when rendering the Office documents into HTML After you have installed the server side of the HTML Viewer service, you... enables you to perform custom and personalized searches on that information indexed throughout your SharePoint Server 2007 deployment so that you can narrow down users with expertise in that area or involved in similar discussions Just as with the default social networking aspects of SharePoint Server 2007, users will also have the added advantage of choosing which information, such as certain e-mail... configure a server with IIS installed to render Microsoft Office system documents to users who are trying to view the documents but do not have the Microsoft Office products installed on their client machine For example, this could occur if a user is accessing the site from the Internet by using a public Internet machine To set up the service, you need to install the HTML Viewer service for Windows SharePoint. .. configured in that SSP In SharePoint Portal Server 20 03, once you configured Shared Services, you could not change the parent portal or promote one of the child portals to become the new provider of personalization services This chapter will show you the ease of centrally configuring the personalization and audience settings for Web applications using the SharePoint Server 2007 SSP model Chapter 8... product groups? Happily, with SharePoint Server 2007, you can build multiple, dissimilar taxonomies in the same interface so that users have a choice as to how they find information This section will help you to understand taxonomies and adoption of taxonomies for Web-site design, and it will provide some considerations for implementing taxonomies in SharePoint Server 2007 What Is Taxonomy? Taxonomy... the person who is to receive the document is sent the document via e-mail as an attachment instead For more information on configuring workflows, see Chapter 10, “Records Management in Microsoft Office SharePoint Server 2007. ” 225 226 Part II Administrating and Configuring Your Implementation Summary In this chapter, you looked at the configuration options for application management at both a farm level... personalization in SharePoint Server 2007 is the Shared Services Provider (SSP) SSP allows you to centrally manage all facets of personalization features, such as your users’ My Sites, configure and import user profiles from a configured directory service, such as Active Directory, and create and configure custom audiences for content targeting throughout your SharePoint Sites If you previously worked with SharePoint . Server As shown in Figure 7-10, a Web application will use the search server that has been con- figured for the Office SharePoint Server Search service that is configured on the Services On Server. additional w3wp.exe pro- cesses running in your operating system. You can see in Figure 7-11 that currently there are two w3wp.exe worker processes running on the SharePoint Server 2007 server. Note. amount of available w3wp.exe pro- cesses, complete the following steps: 1. Open Internet Information Services Manager from your administrator tools on the SharePoint Server 2007 server where you