MOSS Small Farm Installation and Configuration War Story

This week, I’ve struggled a bit with my team to get MOSS installed in a simple two-server farm. Having gone through it, I have a greater appreciation for the kinds of problems people report on the MSDN forums and elsewhere.

The final farm configuration:

  • SQL / Index / Intranet WFE inside the firewall.
  • WFE in the DMZ.
  • Some kind of firewall between the DMZ and the internal server.

Before we started the project, we let the client know which ports needed to be open. During the give and take, back and forth over that, we never explicitly said two important things:

  1. SSL means you need a certificate.
  2. The DMZ server must be part of a domain.

Day one, we showed up to install MOSS and learned that the domain accounts for database and MOSS hadn’t been created. To move things along, we went ahead and installed everything with a local account on the intranet server.

At this point, we discovered the confusion over the SSL certificate and, sadly, decided to have our infrastructure guy come back later that week to continue installing the DMZ server. In the meantime, we solution architects moved ahead with the business stuff.

A weekend goes by and the client obtains the certificate.

Our infrastructure guy shows up and discovers that the DMZ server is not joined to any domain (either a perimeter domain with limited trust or the intranet domain). We wasted nearly a 1/2 day on that. If we hadn’t let the missing SSL certificate bog us down, we would have discovered this earlier. Oh well….

Another day passes and the various security committees, interested parties and (not so) innocent bystanders all agree that it is OK to join the DMZ server to the intranet domain (this is a POC, after all, not a production solution).

Infrastructure guy comes in to wrap things up. This time we successfully pass through the modern-day gauntlet affectionately known as the "SharePoint Configuration Wizard." We have a peek in central administration and … Yee HAW! … DMZ server is listed in the farm. We look a little closer and realize we broke open the champagne a mite bit early. WSS services is stuck in a "starting" state.

Long story short, it turns out that we forgot to change the identity of the service account via central administration from the original local account to the new domain account. We did that, re-ran the configuration wizard and voila! We were in business.
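
The three gaps in this story (a DMZ server that is not domain-joined, no usable SSL certificate, and firewall ports) can all be checked before install day. The script below is an added example, not part of the original post; it assumes PowerShell 4 or later on the DMZ server, and the SQL host name, port 1433 and site host name are placeholders to replace with the values agreed with the client.

```powershell
# Added example: pre-install checks, run on the DMZ web front end.
# Assumed placeholders (not from the post): SQL host, port 1433, site host name.
param(
    [string]$SqlHost  = 'sql01.example.internal',
    [int]   $SqlPort  = 1433,
    [string]$SiteName = 'extranet.example.com'
)

function Test-CertName($Cert, [string]$Name) {
    # Each DNS name on the certificate is used as a -like pattern, so *.example.com matches.
    foreach ($dns in $Cert.DnsNameList) {
        if ($Name -like $dns.Unicode) { return $true }
    }
    return $false
}

$now = Get-Date
$results = @()

# 1. The DMZ server must be part of a domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$results += [pscustomobject]@{
    Check  = 'Domain membership'
    Passed = [bool]$cs.PartOfDomain
    Detail = if ($cs.PartOfDomain) { "Joined to $($cs.Domain)" } else { 'Not domain-joined' }
}

# 2. SSL needs a certificate: installed, in date, matching the site, with its private key.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
    Where-Object { Test-CertName $_ $SiteName } |
    Select-Object -First 1
$results += [pscustomobject]@{
    Check  = 'SSL certificate'
    Passed = [bool]$cert
    Detail = if ($cert) { "$($cert.Subject), expires $($cert.NotAfter)" } else { "No usable certificate for $SiteName" }
}

# 3. The firewall between the DMZ and the internal network must pass the agreed ports.
$tcp = Test-NetConnection -ComputerName $SqlHost -Port $SqlPort -WarningAction SilentlyContinue
$results += [pscustomobject]@{
    Check  = "TCP $SqlPort to $SqlHost"
    Passed = [bool]$tcp.TcpTestSucceeded
    Detail = "Resolved to $($tcp.RemoteAddress)"
}

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { exit 1 }
```

Repeat the port check for each port on the list given to the client; the script exits with code 1 if any check fails.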

</end>

5 thoughts on "MOSS Small Farm Installation and Configuration War Story"

  1. Cimares
    It is perfectly ok to have your SQL in a different VLAN/subnet than your WFEs. In fact it is recommended; after all, as mentioned before, what security expert is going to let you stick SQL in the DMZ? The recommendation is that your SQL traffic does not use the same interface cards as the user traffic, however even this connection can pass through a firewall for additional protection.
    The restriction related to multiple WFEs in a farm environment relates to if you’re using Microsoft load balancing, then these must all be in the same VLAN.
  2. Paul

    I can almost beat your SSL certificate issue. We had everything created and were ready to extend the web app with SSL (then, redirecting port 80 in IIS). The administrator had a .cer file ready to go. But NONE of the options or crazy contortions to apply it in IIS will work–the site always displays a blank page, as if the site collection does not exist.

    After much head banging, we learned this was caused by the cert request not coming from that server. The administrator simply asked for a cert and was emailed the resulting key. With no private key, the SSL tunnel could not get built between the WFE and the browser. We wasted 1/2 day on that.

  3. Christian wrote:
    Very interesting! I highly doubt that it shouldn’t be supported to host the WFE’s in one VLAN/DMZ and APP/SQL in another VLAN/DMZ.
    The TechNet article about supported extranet scenarios doesn’t have any reservations either – but TechNet could be incorrect 🙂 None of our clients would allow their SQL Servers to sit on the same VLAN/DMZ as the WFE, so I sincerely hope MS got it wrong.
    Can you elaborate on what the problem with that configuration is supposed to be? Performance reasons only? Or do they actually mean that the WFEs should be on the same VLAN/DMZ? That would make more sense to me.
    Sincerely,
    Christian
  4. Paul Galvin
    That is a very good question.
    We are tracking very closely to the MS documentation, so I can’t imagine how they would refuse to support it. That said, I am not an infrastructure person, so it’s possible that I’m abusing terms in my post.
    As I understand it, the correct approach is to have (at least) two AD domains. One internal domain and one in the perimeter network. The perimeter network’s AD would have a "limited trust" relationship with the internal AD.
    But you probably already know all that 🙂
    Bottom line, I don’t know. We did not receive or look directly to Microsoft for guidance on this one.
    –Paul G
  5. Tom Dietz
    Is that configuration supported? At the SharePoint Conference in Seattle in March, I was chatting with some Microsoft Engineers and they said that supported configurations do not allow WFEs to cross VLANs or routers. I assume that since the WFE is in a DMZ, it is crossing some sort of firewall/router or is in its own VLAN.
    So basically the PP and WFE/App servers all have to be on the same VLAN.
    They were really adamant about this–it’s actually a slide in the ‘Geographical’ deployment session if you have access to the deck.
    I’ve read the TechNet articles that illustrate sample configurations that contradict their statements, but the MS guys basically said that TechNet is wrong.
