MOSS Small Farm Installation and Configuration War Story

This week, I’ve struggled a bit with my team to get MOSS installed in a simple two-server farm. Having gone through it, I have a greater appreciation for the kinds of problems people report on the MSDN forums and elsewhere.

The final farm configuration:

  • SQL / Index / Intranet WFE inside the firewall.
  • WFE in the DMZ.
  • Some kind of firewall between the internal server and the DMZ.

Before we started the project, we let the client know which ports needed to be open. During the give and take, back and forth over that, we never explicitly said two important things:

  1. SSL means you need a certificate.
  2. The DMZ server must be part of a domain.

On the first day, we showed up to install MOSS and learned that the domain accounts for database and MOSS hadn’t been created. To move things along, we went ahead and installed everything with a local account on the intranet server.

At this point, we discovered the confusion over the SSL certificate and, sadly, decided to have our infrastructure guy come back later that week to continue installing the DMZ server. In the meantime, we solution architects moved forward with the business stuff.

A weekend goes by and the client obtains the certificate.

Our infrastructure guy shows up and discovers that the DMZ server is not joined to any domain (either a perimeter domain with limited trust or the intranet domain). We wasted nearly 1/2 day on that. If we hadn’t let the missing SSL certificate bog us down, we would have discovered this earlier. Oh well….

Another day passes and the various security committees, interested parties and (not so) innocent bystanders all agree that it's OK to join the DMZ server to the intranet domain (this is a POC, after all, not a production solution).

Infrastructure guy comes in to wrap things up. This time we successfully pass through the modern-day gauntlet affectionately known as the "SharePoint Configuration Wizard." We have a peek in central administration and … Yee haw! … DMZ server is listed in the farm. We look a little closer and realize we broke open the champagne a mite bit early. WSS services is stuck in a "starting" state.

Long story short, it turns out that we forgot to change the identity of the service account via central administration from the original local account to the new domain account. We did that, re-ran the configuration wizard and voila! We were in business.

</end>

5 thoughts on "MOSS Small Farm Installation and Configuration War Story"

  1. Cimares
    It's perfectly OK to have your SQL in a different VLAN/subnet than your WFEs. In fact, it is recommended. After all, as mentioned previously, what security specialist is going to let SQL sit in the DMZ? The recommendation is that the SQL traffic not use the same interface cards as the user traffic; however, even this connection can pass through a firewall for additional protection.
    The restriction related to multiple WFEs in a farm environment relates to if you’re using Microsoft load balancing; then these must all be in the same VLAN.
    Reply
  2. Galicia

    I can almost beat your SSL certificate issue. We had everything created and were ready to extend the web app with SSL (then redirect port 80 in IIS). The administrator had a .cer file ready to go. But NONE of the options or crazy contortions to apply it in IIS will work: the website always shows a blank page, as if the site collection doesn't exist.

    After much head banging, we learned this was caused by the cert request not coming from that server. The administrator simply asked for a cert and was emailed the resulting key. With no private key, the SSL tunnel could not get built between the WFE and the browser. We wasted 1/2 day on that.

    Reply
  3. Christian wrote:
    Very interesting! I highly doubt that it shouldn’t be supported to host the WFE’s in one VLAN/DMZ and APP/SQL in another VLAN/DMZ.
    The TechNet articles about supported extranet scenarios don't have any reservations, either – but TechNet could be incorrect 🙂 None of our clients would allow their SQL Servers to sit on the same VLAN/DMZ as the WFE, so I sincerely hope that MS got it wrong.
    Can you talk a bit about what the problem with splitting the configuration should be? Only performance reasons? Or do they in fact mean that the WFEs must be on the same VLAN/DMZ? That would make more sense to me.
    Sincerely,
    Christian
    Reply
  4. Paul Galvin
    This is a very good question.
    We're following the MS documentation very closely, so I can’t imagine how they would refuse to support it. That said, I'm not an infrastructure person, so it's possible that I'm misusing terms in my post.
    As I understand it, the correct approach is to have (at least) two AD domains. One internal domain and one in the perimeter network. The perimeter network’s AD would have a "limited trust" relationship with the internal AD.
    But you probably already know all that 🙂
    Bottom line, I don't know. We did not receive or look directly to Microsoft for guidance on this one.
    –Paul G
    Reply
  5. Tom Dietz
    Is this configuration supported? At the SharePoint Conference in Seattle in March, I was chatting with some Microsoft Engineers and they said that supported configurations do not allow WFEs to cross VLANs or routers. I assume that since the WFE is in a DMZ, it is crossing some sort of firewall/router or is in its own VLAN.
    So, basically, the DB and WFE/App servers all have to be on the same VLAN.
    They were really adamant about this; it’s actually a slide in the ‘Geographical’ deployment session, if you have access to the deck.
    I've read TechNet articles that illustrate example configurations that contradict their statements, but the MS guys basically said that TechNet is wrong.
    Reply
