SharePoint 2010: What’s New & What’s Changed

SharePoint 2010 represents a substantial upgrade beyond Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0. Here are some of the newest features, and their potential impact on businesses using SharePoint.

SharePoint Everywhere: Cross-Browser Support
Some of the new SharePoint 2010 features benefit the end users, others are useful for content managers and developers, while many features benefit administrators. One benefit which can affect everyone is compatibility with web browsers, especially because SharePoint is a web-based portal. SharePoint 2010 is officially compatible with Internet Explorer 7 and 8 on both 32-bit and 64-bit Windows platforms. Mozilla Firefox 3.6 is supported by SharePoint 2010 on Windows, Mac OS X, and other UNIX/Linux systems. Safari 4.0.4 on Mac OS X is also supported by SharePoint 2010. Although earlier versions, such as Internet Explorer 6, and later versions, such as Safari 5.0, are not officially supported, most SharePoint 2010 features will work on browsers that are largely standards-compliant. In some cases, using the newest Microsoft software does not necessarily provide the best experience. For example, only two ActiveX controls (ppslax.dll and name.dll) for Microsoft Office 2010 are reportedly supported in 64-bit browsers. Future versions of Internet Explorer (e.g. the IE9 currently in preview), Safari, and Firefox are expected to be the primary clients of SharePoint 2010 services in the future.

Foundation, Standard Server, Enterprise Server
Specific features apply to various editions and licensing of SharePoint 2010. There are two, three, or five editions of SharePoint 2010, depending on how you count. Consider this quick overview. If you want basic collaboration and SharePoint site features including sites, blogs, and wikis, SharePoint Foundation 2010 (SPF 2010) is an upgrade to WSS 3.0. Calling it the SharePoint Foundation rather than WSS 4.0 will hopefully reduce future confusion about which version of the more full-featured SharePoint it correlates to. The full-featured upgrade to Microsoft Office SharePoint Server 2007 (MOSS 2007) is called SharePoint Server 2010 (SPS 2010). By this count, ignoring Internet complexities, there are two versions: Foundation (SPF) and Server (SPS). Yet there are two degrees to which you can license more or fewer features with SPS — the client access licenses (CALs) come in two flavors: Standard and Enterprise. Thus, beyond SharePoint Foundation functionality, users of SharePoint Server with Standard CALs are licensed to use many more functions and features of SharePoint. Further still, users of SharePoint Server with both Standard and Enterprise CALs have access to the full feature set of SharePoint Server.

Cloud Clients, Native Authoring
Synergy with Microsoft Office 2010 components is strong in two ways, one for producers and another for consumers. Cloud computing services are most strongly supported by SharePoint Server 2010 for consumers of information. Authors and producers of information must typically have applications from the Office 2010 suite natively installed in order to publish content to SharePoint. As a part of the cloud evolution, several more viewers, web parts, and Office look and feel are included in SharePoint Server 2010. For example, MOSS 2007 Enterprise edition included Excel Calculation Services, and this is carried forward to SPS 2010 clients with the Enterprise CAL. The SPS 2010 Excel Services includes several enhancements such as Sparklines and Visual Slicers which add to the traditional interactive reports and dashboards for published Excel workbooks. In addition, SPS 2010 users with the Enterprise CAL can also benefit from Access Services, InfoPath Forms Services, and Visio Services. Not only can Visio diagrams which have been published to SharePoint be viewed through a web browser by users without Visio natively installed, but the Visio Services can provide recalculations based on queries and reporting from other data sources as well. Word Automation Services is even included for users of SPS with the Standard CAL.

Ribbons, Silverlight, and Presence, Oh My!
SharePoint sites can sport a more modern Office look and feel, with features such as the graphically dense richness of the Ribbon instead of simple toolbars. The Ribbon and Dialog framework are also included in both the Foundation and Server versions for customized Office-like look and feel for your own SharePoint-based applications. All editions of SharePoint 2010 are more media-rich, with features such as a Silverlight web part, more than forty other included web parts, and Photos and Presence integration all included in the Foundation. Note that any features in the Foundation are also included in the Server version. Furthermore, all features in SharePoint Server for Standard CAL users are also available for users with both the Standard and Enterprise CALs.

Like Google or Bing, But Yours
Search enhancements are one of the great hallmarks of SharePoint Server 2010. More types of content sources can be crawled to build more diverse search indexes based on the Search Connector Framework available with the Standard CAL. Other Standard search features include Query Suggestions, “Did You Mean?”, Related Queries, Phonetic and Nickname Search, and People and Expertise Search. The Enterprise CAL adds access to Visual Best Bets, Similar Results, Contextual Search, and Deep Refinement as well as an Extensible Search Platform.

Degrees of Databasing
The former MOSS 2007 Business Data Catalog features for database access have been separated into a stratified offering: Business Connectivity Services (BCS) and the Business Data Connectivity Service in the Foundation, BCS Profile Page search drill-down details in SharePoint Server with the Standard CAL, and more advanced web parts and intelligence in the Enterprise CAL feature set. This allows SharePoint designers and deployers to select, from a broad palette of features, the degree of processing performed on SQL, Oracle, and other database integration.

Kevin Bacon, or Colleague Connectedness
Social networking components are moving along the road to maturity with a number of new features in both the Standard and Enterprise CAL feature sets. Many of these features carry SharePoint Server 2010 further away from a static document list orientation. Relationships between colleagues and their clientele are far better supported with this new version than with MOSS 2007. While there may still be a long way to go in this area, SharePoint is still as much a platform for customized applications as it is a product which delivers a coherent set of usable off-the-shelf features.

One If By Web, Two If By Shell
SharePoint administrators are sure to welcome the tremendous improvements in both web-based configurability and a new foundation for automation. The Central Administration interface has been greatly redesigned for smoother and more efficient management of classic and modern features. The SharePoint 2010 Management Shell is based on Windows PowerShell version 2.0 and offers 482 SharePoint-specific management cmdlets. These cmdlets offer a rich set of management tools which extend well beyond the STSADM.exe style of management, including cmdlets for working with Excel Services, Visio Services, and much more.

SharePoint Foundation 2010 and SharePoint Server 2010 provide a whole new level of web-based application services, a rich platform for your own web services, as well as substantial services which integrate with Microsoft Office 2010 while offering cloud services for users without native Office applications on their mobile devices and desktops. A new era of SharePoint awaits – are you ready?

Renew! Refreshing the Pool

Healthy living can sometimes involve getting rid of bad habits.

In web hosting and web-based application environments, we have the web client software such as a web browser, a potentially huge complicated network perhaps including some proxy servers, and the web server software. On the client side we could have plugins and ancillary software such as Adobe Flash, Apple QuickTime, Microsoft Silverlight, Oracle JavaFX, and others. On the server side, the web server core, scripting environments, and the scripts themselves are all contributing/collaborating factors to stability, security, performance, and basic functionality.

Is all software perfect? Are all web developers who do basic scripting and advanced coding for your web content and applications experienced software engineers with at least bachelor’s or master’s degrees in computer science or related disciplines? Has your software ever deadlocked, waited on an event which wasn’t going to occur anytime soon, or held on to memory it wasn’t currently using or merely neglected to release properly? Has your web software, including all libraries and assemblies on which it depends, been properly tested for all input scenarios and hardened against hacking attacks?

Because software running in both test and production environments can be prone to errors such as memory leaks, incorrect bounds checking, security flaws, or complex design and implementation issues, the web platform attempts to protect us and itself from certain activities.

In the book and film Logan’s Run, people in a fictional futuristic dystopian society are only allowed to live to a certain age prescribed by law. In the 1976 film version starring Michael York in the title role, people were believed to be “Renewed” (recycled in a sense) through a ceremony called Carousel. Logan and his colleague were seen among the throngs of people cheering “Renew!” for those others who had reached the appointed age. But what does this have to do with IIS?

On Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2, Internet Information Services (IIS) 6.0, 7.0, and 7.5, respectively, possess a feature called Application Pool Recycling. As mentioned in a previous post, IIS AppPools normally govern the starting and stopping of worker processes to meet increased and decreased demand in terms of requests and processing of web site activity within the sites running in the AppPool. However, there is more to AppPool governance than that. Like the societal rules of Logan’s Run, IIS AppPools can “prematurely” terminate worker processes based on a set of rules, including but not limited to the age of the process.

Each AppPool may be configured with distinct recycling thresholds, or they can inherit from the general web server configuration. IIS 7.5 AppPool recycling conditions include triggering recycling at fixed intervals, such as:
• Regular time intervals (in minutes)
• Fixed number of requests
• Specific times
Other conditions include memory-based maximums, such as:
• Virtual memory usage
• Private memory usage

Combinations of these conditions could be configured on an AppPool. The choice between them, and the specific values recommended for each, depend on characteristics of your applications, web server, and quality of service goals. For example, AppPool recycling can be used to work around a potential memory leak in a web application. If you have measured that the problem seems to arise approximately every 8,000 requests, a recycling condition of 7,000 requests could be employed to avoid the problem. Additionally, if you do not want each worker process to utilize more than ten megabytes of virtual memory, such a threshold could also be configured for the AppPool hosting the troublesome application.

Any worker process for this AppPool would be recycled (i.e. killed) after 7,000 requests had been processed, or after ten megabytes of virtual memory had been used, whichever came first.
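The two thresholds from this example can be set with the WebAdministration PowerShell module that ships with IIS 7.5. This is an added example, not part of the original post; the pool name `LeakyAppPool` is a hypothetical placeholder.

```powershell
# Added example (not from the original post): apply the recycling thresholds
# described above to one AppPool and confirm what IIS actually stored.
Import-Module WebAdministration

$pool = 'LeakyAppPool'                  # hypothetical AppPool name
$path = "IIS:\AppPools\$pool"

if (-not (Test-Path $path)) {
    throw "AppPool '$pool' does not exist on this server."
}

# Recycle after 7,000 requests, ahead of the ~8,000 requests at which
# the problem was measured to appear. 0 would disable this condition.
Set-ItemProperty $path -Name recycling.periodicRestart.requests -Value 7000

# Recycle when a worker process reaches ten megabytes of virtual memory.
# IIS stores this limit in kilobytes; 0 would disable this condition.
Set-ItemProperty $path -Name recycling.periodicRestart.memory -Value (10 * 1024)

# Record each recycle in the Windows event log with its reason, so that
# frequent recycles (a sign the leak is getting worse) are visible.
Set-ItemProperty $path -Name recycling.logEventOnRecycle `
    -Value 'Time,Requests,Schedule,Memory,PrivateMemory'

# Read the configuration back instead of trusting the calls above.
$r = (Get-Item $path).recycling
New-Object PSObject -Property @{
    AppPool         = $pool
    Requests        = $r.periodicRestart.requests
    VirtualMemoryKB = $r.periodicRestart.memory
    PrivateMemoryKB = $r.periodicRestart.privateMemory
    TimeInterval    = $r.periodicRestart.time
    LoggedReasons   = $r.logEventOnRecycle
} | Select-Object AppPool, Requests, VirtualMemoryKB, PrivateMemoryKB,
                  TimeInterval, LoggedReasons | Format-List
```

Whichever condition is reached first triggers the recycle, and the logged reason shows which one it was.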

Maintaining a realistic set of recycling thresholds for AppPools which host applications can help meet web server health goals.

Who is Running the Pool?

In a recent post, I wrote about some recent Internet Information Services (IIS) and SharePoint Server classes in which several questions had centered around Application Pools (AppPools). One or more web sites could be hosted by each AppPool, and each IIS-based web server may have many AppPools. For example, Windows Server 2008 R2, or even Windows 7, running IIS 7.5 could host several web sites.

Now let’s look at web processes and recycling of AppPools. Consider an analogue to an AppPool to be a waiting line (queue) at a bank which is serviced by several tellers. You wait in line for a while at the bank, a teller becomes available and shouts “Next!,” and you scurry up to the teller to handle your banking needs. Similarly, when you send a request to a web server, this request gets queued and dispatched to the AppPool hosting the web site. Like the tellers at the bank, the AppPool has worker processes which perform the actual transaction work.

Minimally, an AppPool needs to have at least one worker process running in order to handle web requests, just as the bank needs at least one teller working to prevent customers from getting upset. The AppPool can launch additional worker processes to help handle heavy load faster akin to the bank manager asking more tellers to open their counters for business. Each worker process runs the “World Wide Web Worker Process” program, called w3wp.exe (w3 = world wide web).

As the web traffic volume to a website, or actually to the collection of web sites hosted in the same AppPool, dies down, the AppPool can stop some (or all) of the worker processes. Thus with the launching and halting of worker processes for an AppPool being automagically managed, the AppPool is like a bank having more and fewer tellers on demand to adapt to the changing needs. This is one of the features of IIS AppPools.

Let’s take a look at two other aspects of the AppPools — identity and recycling. First, we will look at identity, and later get into recycling.

Different users who log on to a computer may have differentiated access rights or permissions to resources on that computer and other computers across the network. In like fashion, the background services hosted on servers are logged on with a service account and thereby granted or denied distinct permissions to resources on that server and across the network. Classically, Windows administrators configure special user accounts to be used as service accounts and configure the services to utilize them. Windows Server 2008 R2 offers Managed Service Accounts and Virtual Accounts for use by IIS 7.5 and other services.

Managed Service Accounts have an advantage over traditional unmanaged service accounts in that the password change management is handled automatically. This is similar to the long-standing behavior of computer accounts. In addition, these Managed Service Accounts sport automatic Kerberos service principal name (SPN) management. A close cousin to the Managed Service Account is the Virtual Account, sometimes referred to as a “managed local account” because, like a traditional local user account, the virtual account is used by the associated service(s) for access to local resources on the IIS 7.5 server. The virtual aspect of this type of account is that when a service running as a virtual account needs access to resources on other machines on the network, the computer account is used. Again, normal computer accounts have both automatic password and SPN management. Thus virtual accounts and managed service accounts both offer superior security management when compared with the customary use of user accounts as “unmanaged” service accounts.

Whether classic (user account), managed, or virtual, the service account for an AppPool must be granted permission to the configuration information for each web site hosted by the pool. Access to the content of those web sites could be governed by impersonation of the clients who have authenticated to the AppPool, with a separate anonymous access account, or with the service account itself. The details are another story. But for now what is important is to know that in the simple case, all resource (e.g. file) access and code execution in the AppPool is running as this service account. Therefore, all worker processes for this AppPool are running as this service account.

Choosing a particular service account for the AppPool identity and delegating the appropriate permissions are essential ingredients in successful web deployments. The permissions need to be assigned so that the identity can access the resources needed to run the resource access, scripts, and code for the sites hosted by the AppPool.
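To see which identity each AppPool runs as, and to move one pool to a virtual account with only the file permissions it needs, the following can be run on the IIS 7.5 server. This is an added example, not part of the original post; the pool name `IntranetPool` and the content path `D:\Sites\Intranet` are hypothetical placeholders.

```powershell
# Added example (not from the original post): inventory AppPool identities,
# then switch one pool to a virtual account and grant it content access.
Import-Module WebAdministration

# 1. Inventory: every AppPool, its identity, and the sites it hosts.
#    Only each site's root application is considered here; nested
#    applications can be assigned to a different AppPool.
$sites = Get-ChildItem IIS:\Sites
Get-ChildItem IIS:\AppPools | ForEach-Object {
    $name = $_.Name
    New-Object PSObject -Property @{
        AppPool      = $name
        IdentityType = $_.processModel.identityType
        UserName     = $_.processModel.userName   # set only for SpecificUser
        Sites        = ($sites |
                          Where-Object { $_.applicationPool -eq $name } |
                          ForEach-Object { $_.Name }) -join ', '
    }
} | Select-Object AppPool, IdentityType, UserName, Sites |
    Format-Table -AutoSize

# 2. Run one pool as its virtual account instead of a user account.
$pool    = 'IntranetPool'           # hypothetical AppPool name
$content = 'D:\Sites\Intranet'      # hypothetical content directory

# identityType values: 0 LocalSystem, 1 LocalService, 2 NetworkService,
# 3 SpecificUser, 4 ApplicationPoolIdentity (the virtual account).
Set-ItemProperty "IIS:\AppPools\$pool" -Name processModel.identityType -Value 4

# The virtual account is addressed as "IIS AppPool\<pool name>".
# Grant it read and execute on the content tree, inherited by
# subfolders (CI) and files (OI), and nothing more.
icacls $content /grant "IIS AppPool\${pool}:(OI)(CI)RX"

# 3. Show the resulting ACL for review.
icacls $content
```

Every worker process of the pool then accesses local files as `IIS AppPool\IntranetPool`, so the inventory and the ACL listing together show what code in that pool can reach.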

In the next post we shall address AppPool recycling.

Dive Into the Pool

Last month seemed to be Group Policy month, but now that summer is coming to northern lands, change is afoot. This month appears to be Web month. No, I’m not playing with spiders! Last week I was teaching a large Internet Information Services (IIS) class and was asked a plentiful plethora of great questions. Now this week I have a group doing an Advanced SharePoint class, which depends on the aforementioned IIS to do the web front-end (WFE) work, various application servers in the middle, with SQL Server on the back-end.

One of the questions which was fervently discussed last week was IIS Application Pools. The people this week also had some cursory questions about AppPools early on, which we recently revisited a bit with some sizing, performance, and tuning focus.

With the weather in Phoenix about to peek above 110° F, we’re entering our second order summer of the year, summer², and many people believe it’s time to dive into the pool. But with all of the web questions I have been getting lately, I think it’s time that we dive into the AppPool.

Whenever you visit a web site, no matter how simple or complex, some software on the web server (or proxy, or cache server) must retrieve, compose, or formulate the contents and ship them back across the network to the HTTP web client such as your web browser. Apache-based web servers have their own ways of doing this, and Microsoft IIS-based web servers have their particular way of retrieving or formulating a response to a web request.

For the sake of focus, let’s assume that we’re talking about a web server running Windows Server 2008 R2, hosting the web services with IIS 7.5. While a given web server could be hosting many web sites, differentiated by either IP address, port number, or host header value, let’s assume for the moment that the web server selects the particular web site on the server based on that information by virtue of magic. We’re also going to chalk up in the magic category the way in which your browser or other client software found this particular server, because that story involves mythical things such as DNS which you shouldn’t let distract you from the pool.

The pool? That’s the magic we are here to describe today. Not the magic pools of C. S. Lewis’ The Magician’s Nephew, prequel to the other Narnia stories, but remember we are talking about IIS “application” pools.

Just as when you choose a line to check out at the supermarket or department store, a web server could have many service agents, like cashiers, to serve you. In some servers the service situation is more akin to a small corner grocery, while other servers are configured to more closely resemble a single line at the bank with many tellers. You never know which one you’re going to get. But IIS is not like a box of chocolates. The web administrator of the server has decided which service agent you are going to get. These web service agents are called application pools, or AppPools.

A web server administrator could configure the server with one application pool per web site. According to this style, on a server hosting ten web sites, there would be ten AppPools. With a one to one relationship, and ratio, of web sites per AppPool, the way in which the server services web requests for each site is fairly isolated from the processing of the other web sites on that server. It’s like having one line at a bank for personal checking transactions, another line for business banking, a third line for loans, and so forth.

Each AppPool has a separate queue for requests, just as each account type at a bank could hypothetically have a distinct waiting line. And this is where AppPools start to become interesting. The performance, reliability, and security of the web platform are based, in part, on the administrators’ choices of AppPool configuration. Having an AppPool host zero web sites isn’t very useful; however, the choice of hosting just one web site per dedicated AppPool, or hosting several web sites with one AppPool, can be decided on a pool by pool basis, typically according to the relative security, reliability, and performance needs of the sites in question.

In the next posting, we’ll look at web processes and recycling of AppPools. Then I hope to get into hosting SharePoint web apps, site collections, and sites within this context.