Step by Step: How to Implement a Three-Tier SharePoint Farm

Written by Denis Stadler. Posted in SharePoint 2010

Post Summary

This article describes how to implement a medium SharePoint farm: three tiers on four servers. Before going into details, I recommend downloading the following file: Topologies for SharePoint 2010.

If you want you can download this post as a PDF file – How to Implement a Three-Tier SharePoint Farm.

My SharePoint Topology

My environment is hosted on Windows Server 2008 R2 Hyper-V and consists of four servers: SQL, SPLive1, SPLive2 and an Application Server.

The services in the farm will be split according to the following table (please consider only the production environment, highlighted in green):

Furthermore, the SPLiveAPP machine will also host the service applications (for example: User Profile Service, Business Data Connectivity, Web Analytics, Managed Metadata, Secure Store Service).

The deployment process can be structured into four main parts:

  1. Install the prerequisites.
  2. Install the SharePoint binaries.
  3. Configure the SharePoint server and farm.
  4. Configure services and applications on the farm.

I won’t go into detail on the classic installation of SharePoint (which corresponds to steps 1 and 2). For more details about this you can read the following links from MS TechNet:

Configuring the SharePoint Server and Farm

I will now move on to the deployment part, assuming that SharePoint is installed on the servers (SPLive1, SPLive2 and SPLiveAPP) and that Central Administration is configured on the SPLiveAPP machine.

As you can see (in the above screenshot), I have also installed the German Language Pack for SharePoint on my machine. To join the other servers to this farm, the same language packs and security updates must already be installed on them.

For more details you can always read this TechNet article which describes a similar situation: Add a Web or application server to the farm (SharePoint Server 2010)

First of all we will add SPLive1 to the Farm, using the SharePoint Products Configuration Wizard. I will choose to connect to an existing farm.

In my case the SQL server is named SQL :) and the configuration DB of the farm is SharePoint_Config_SPLive. Then, I’m adding SPLive2 to the farm, basically by repeating the operation.

If everything is fine we should see all the servers in Central Administration -> Servers in Farm.

On the web servers (WFE) you should see the following services configured:

  • Microsoft SharePoint Foundation Incoming E-Mail
  • Microsoft SharePoint Foundation Web Application
  • Microsoft SharePoint Foundation Workflow Timer Service

Now we have to enable Windows NLB on SPLive1 and SPLive2 with the name SPLive. If you are using a Hyper-V virtualized environment, please read this before starting the NLB creation:

You have to enable the Spoofing of MAC addresses option on all the NLB cluster members (in my case SPLive1 and SPLive2). This can be done only if the virtual machines are powered off.

On SPLive1 add the Network Load Balancing feature, and then repeat the action for SPLive2.

Then on SPLive1 open the Network Load Balancing Manager console, and create a new NLB cluster (in my example I have named the cluster SPLive), starting from SPLive1.

I will limit the NLB to port 80 only, which corresponds to HTTP.

Then, I will add SPLive2 to the NLB cluster.

To finish with the NLB I will add a DNS record for the newly created cluster (an A record for SPLive).
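The NLB steps above can also be scripted with the NetworkLoadBalancingClusters module that ships with Windows Server 2008 R2. This is an added example, not part of the original post; the adapter name, cluster IP address, subnet mask and DNS server name are placeholders, and the stadler.local zone is inferred from the FQDN used later in the article.

```powershell
# Added example. Run elevated on SPLive1 (Windows Server 2008 R2).
# Assumed values, not from the article: adapter name, cluster IP, mask, DNS server.
$nic       = 'Local Area Connection'   # assumption: same NIC name on both nodes
$clusterIp = '192.0.2.10'              # placeholder cluster IP address
$mask      = '255.255.255.0'           # placeholder subnet mask
$dnsServer = 'DNS-SERVER-PLACEHOLDER'  # placeholder DNS server name

# Install the NLB feature and its management tools; repeat this step on SPLive2.
Import-Module ServerManager
Add-WindowsFeature NLB, RSAT-NLB | Out-Null
Import-Module NetworkLoadBalancingClusters

# Create the cluster named SPLive, starting from SPLive1.
New-NlbCluster -InterfaceName $nic -ClusterName 'SPLive' `
    -ClusterPrimaryIP $clusterIp -SubnetMask $mask | Out-Null

# A new cluster starts with one rule that covers every port.
# Replace it with a single rule for HTTP on port 80.
Get-NlbClusterPortRule | Remove-NlbClusterPortRule -Force
Add-NlbClusterPortRule -StartPort 80 -EndPort 80 -Protocol Tcp | Out-Null

# Join SPLive2 to the cluster.
Get-NlbCluster |
    Add-NlbClusterNode -NewNodeName 'SPLive2' -NewNodeInterface $nic | Out-Null

# A record for SPLive in the stadler.local zone (zone name is an assumption).
dnscmd $dnsServer /RecordAdd stadler.local SPLive A $clusterIp

# Check: warn if anything other than port 80 is covered by a port rule.
$rules      = @(Get-NlbClusterPortRule)
$unexpected = @($rules | Where-Object { $_.StartPort -ne 80 -or $_.EndPort -ne 80 })
if ($rules.Count -ne 1 -or $unexpected.Count -gt 0) {
    Write-Warning 'NLB port rules are wider than HTTP/80:'
    $rules | Format-Table StartPort, EndPort, Protocol, Mode -AutoSize
}

# Both nodes should be listed once the cluster has converged.
Get-NlbClusterNode
```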

Now I will add another managed account to the SharePoint Farm. In Central Administration, click Security and then Configure managed accounts.

All the web application pools and even the service applications will run under this identity, but this is a laboratory environment. In a real environment you should plan the service accounts carefully. In theory you should isolate the shared services and even specific web applications. For example, you could isolate the web application which hosts the extranet site collection(s).

For a regular implementation there could be the following service accounts:

  • DOMAIN\srv-sql – SQL Server Service account
  • DOMAIN\srv-adsync – Active Directory Sync account
  • DOMAIN\srv-splive-farm – SharePoint setup and server farm account
  • DOMAIN\srv-splive-user – SharePoint common shared services account
  • DOMAIN\srv-crawl – SharePoint search crawl account
  • DOMAIN\srv-servicesearch – General SharePoint search service account
  • DOMAIN\srv-bcs – SharePoint Business Connectivity Service service application account
  • DOMAIN\srv-mms – SharePoint managed metadata service account
  • DOMAIN\srv-ups – SharePoint User Profile Service application account
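To see how far an existing farm is from the isolation described above, the pool identities can be listed and grouped by account. This is an added example, not part of the original post; it only reads farm configuration and uses the standard SharePoint 2010 cmdlets.

```powershell
# Added example (PowerShell 2.0 syntax). Run in the SharePoint 2010 Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$farmAccount = (Get-SPFarm).DefaultServiceAccount.Name

# Gather the identity of every content web application pool and service application pool.
# Central Administration is left out because it runs as the farm account by design.
$pools = @()
foreach ($wa in Get-SPWebApplication) {
    $pools += New-Object PSObject -Property @{
        Kind = 'Web application'; Pool = $wa.ApplicationPool.Name
        Account = $wa.ApplicationPool.Username
    }
}
foreach ($sp in Get-SPServiceApplicationPool) {
    $pools += New-Object PSObject -Property @{
        Kind = 'Service application'; Pool = $sp.Name
        Account = $sp.ProcessAccountName
    }
}

# Several web applications can share one pool, so count distinct pools per account.
$findings = @()
foreach ($group in ($pools | Group-Object Account)) {
    $names = @($group.Group | Select-Object -ExpandProperty Pool -Unique)
    $kinds = @($group.Group | Select-Object -ExpandProperty Kind -Unique)
    $issue = $null
    if ($group.Name -eq $farmAccount) { $issue = 'Pool runs as the farm account' }
    elseif ($kinds.Count -gt 1) { $issue = 'Web and service applications share an identity' }
    elseif ($names.Count -gt 1) { $issue = 'Several pools share an identity' }
    if ($issue) {
        $findings += New-Object PSObject -Property @{
            Account = $group.Name; Issue = $issue; Pools = ($names -join ', ')
        }
    }
}

if ($findings.Count -eq 0) { 'Every pool has its own non-farm identity.' }
else { $findings | Format-Table Account, Issue, Pools -AutoSize -Wrap }
```

On a lab farm built as in this article, every pool is expected to show up under the single shared account.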

Now it’s time to create a web application and a site collection to test the NLB. After that I will configure the following shared services: User Profile Service, Business Data Connectivity, Managed Metadata, Secure Store Service and Search. In Central Administration, click on Application Management, and then create a New Web Application.

In the Public URL field, type the FQDN of the created NLB cluster (in my case splive.stadler.local), and then create the web application. After the creation process has finished, you should see a new web site in the IIS console on both servers.

Now I’m going to extend the web application (Central Administration -> Application Management -> Extend) over the Intranet zone, using the NetBIOS name of the NLB cluster (in my case SPLive) as the value for the Public URL, and of course port 80. The idea is to make the web application available to users under both the FQDN and the NetBIOS name.

Now the only thing left to do is to create a site collection in order to test the farm. If everything was configured correctly, I should be able to pause the virtual machines forming the NLB cluster one at a time and the site collection will still be accessible via browser.
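The same web application, Intranet-zone extension and test site collection can be created from the SharePoint 2010 Management Shell, followed by a probe to run while pausing one NLB node at a time. This is an added example, not part of the original post; the web application and pool names, the site owner and the use of DOMAIN\srv-splive-user as an already registered managed account are assumptions.

```powershell
# Added example (PowerShell 2.0 syntax). Run in the SharePoint 2010 Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$fqdnUrl    = 'http://splive.stadler.local'  # FQDN of the NLB cluster (from the article)
$netbiosUrl = 'http://splive'                # NetBIOS name of the NLB cluster
$owner      = 'DOMAIN\site-owner-placeholder'                # placeholder site owner
$poolAcct   = Get-SPManagedAccount 'DOMAIN\srv-splive-user'  # assumed managed account

# Web application on the FQDN, Default zone, port 80.
$wa = New-SPWebApplication -Name 'SPLive' -Port 80 `
    -HostHeader 'splive.stadler.local' -URL $fqdnUrl `
    -ApplicationPool 'SPLive-AppPool' -ApplicationPoolAccount $poolAcct

# Extend it over the Intranet zone with the NetBIOS name.
$wa | New-SPWebApplicationExtension -Name 'SPLive Intranet' -Zone Intranet `
    -HostHeader 'splive' -Port 80 -URL $netbiosUrl | Out-Null

# Test site collection at the root of the web application.
New-SPSite -Url $fqdnUrl -OwnerAlias $owner -Template 'STS#0' -Name 'Farm test' | Out-Null

# Both names should now be listed as alternate access mappings.
Get-SPAlternateURL -WebApplication $wa | Format-Table IncomingUrl, Zone, PublicUrl -AutoSize

# Failover probe: run from a client while pausing one NLB node at a time.
$wc = New-Object System.Net.WebClient
$wc.UseDefaultCredentials = $true
1..20 | ForEach-Object {
    foreach ($url in $fqdnUrl, $netbiosUrl) {
        try   { [void]$wc.DownloadString($url); "{0:T}  OK      {1}" -f (Get-Date), $url }
        catch { "{0:T}  FAILED  {1}: {2}" -f (Get-Date), $url, $_.Exception.Message }
    }
    Start-Sleep -Seconds 3
}
```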

Configuring services and applications on the farm

For a standard SharePoint implementation I would like to suggest the implementation of the following shared services: Managed Metadata, Search Services, Secure Store Service (required for the future implementation of services like BDC or Excel Services), User Profile Service, Usage and Health Services, Web Analytics Services.

All these services will be implemented on the Application Server, except the Search Service. The query functionality will be provided by the WFE servers.

We will navigate to Central Administration -> Application Management -> Manage Service Applications (under the Service Applications header).

I will configure the services in the following order:

Small things to be known :):

  • Remember to start the Windows service required by the service application on the desired server in the farm (in my case SPLiveAPP). A comprehensive summary of service guidance can be found in the following document: Topologies for SharePoint 2010.
  • Managed Metadata Service requires a CTHub (content type hub) site collection. After you create the site collection, please enable the Content Type Syndication Hub site collection feature.
  • Search Service doesn’t automatically configure the search topology on more than one server. If you want to split the search functions, remember to change the search topology. If you move the Query role to other server(s), please start the “Search Query and Site Settings Service” service on each of the Query servers.
  • User Profile Service requires Managed Metadata Service.
  • User Profile Service requires that the SharePoint Farm Account is also a Local Administrator of the machine.
  • User Profile Service requires a site collection to be created using the My Site Host template.

Denis Stadler

I'm a technology enthusiast, with more than 10 years of experience in SharePoint and Dynamics CRM projects. To find more details, please visit the about me page.

Comments (9)

  • jennifer

    Do you need to have these services running on the WFE and AP servers:

    Microsoft SharePoint Foundation Web Application
    Microsoft SharePoint Foundation Workflow Timer Service

    What is the implication of having the timer service run on the AP service and the foundation web application only running on the WFEs?

    • Denis Stadler

      Please check this out – Topologies for SharePoint Server 2010.

      They both have to be only on the Web Servers. I’ll just quote below from the SharePoint 2010 Topology document.

      1. Microsoft SharePoint Foundation Web Application – Web server — Ensure that this service is started on all Web servers in a farm. Stop this service on application servers. This service provides Web server functionality. It is started by default on Web servers. Custom features scoped to Web Applications may not display in Central Administration as intended if this service is not started on the server running Central Administration and if feature cannot be deployed globally.
      2. Microsoft SharePoint Foundation Workflow Timer Service – Web server.

  • Mario

    Useful information!

    Thank you!

  • K. Feroz

    First let me thank you for this post, it's awesome!!! I was following your post for my medium farm installation.

    I was just curious to know whether I can implement NLB after all installations are done and even my sites are up and running? Or MUST I configure NLB as you have shown in your ">>> Now, we have to enable a Windows NLB on SPLive1 and SPLive2 with the name of SPLive."

    Please suggest!

    • Denis Stadler

      You can create the NLB afterwards.

      Just check whether the Microsoft SharePoint Foundation Web Application service is running on all the servers that you want to include in the NLB. When you enable this service, all the already defined SharePoint sites in IIS will be copied too on the new machine.

      And then create the web application using the NLB host name as host header (or extend an existing one).

  • Bart

    Great post.
    But I have a question regarding creating web application. First WebApplication should be created with NLB cluster name, what about for example second WebApplication? In my case I have on second one MySite Host. Both have been created with Host Named – the same port for both.

    The question is, the second one will be avaliable under NLB or not ? One NLB cluster balance only one WebApplication?

    Please advise.

    • Denis Stadler

      Create a DNS A record that points to the NLB IP address. Add the host named web application.

      You should see the newly created IIS web site on all the SharePoint servers part of the NLB.

  • Ashotosh Das

    Hi, this is a nice post and it helped me a lot. But I have a question.
    Wrongly, I have clicked Start for the Microsoft SharePoint Foundation Web Application service on my Application server and now it has gone into Starting status. How can I stop this? However, this service is up and running on all of my web servers.
    Cheers,
    Ash

    • Denis Stadler

      Try: stsadm -o provisionservice -action start -servicetype spwebservice
