For me, 2010 is a year of insane travel, with events all over the globe. I actually enjoy the travel, but I miss my home, friends, family, and my golden retriever! But I really love getting out in front of and in the middle of large groups of SharePoint enthusiasts, because it’s a great way to be sure I’m in tune with the pain points that we’re all encountering with SharePoint, the problems we’re trying to solve, and the solutions we’ve found.
There are some great SharePoint events coming up in the US, worldwide, and online, and I’ve gathered the pertinent links for you. Plus, I’d also like to give you some important updates on licensing and least-privilege installation.
• Denver, SharePoint Saturday: Gurus and great guys Gary Lapointe and Todd Baginski headline a great lineup on August 7.
• Online, Dan Holme’s SharePoint MasterClass: SharePoint 2010 Administration and Upgrade: Join me, live and online, on August 17 for three of the top sessions from my full-day MasterClass.
• Gold Coast, Australia, TechEd: I’ll be deep-diving, both at the Great Barrier Reef and into SharePoint governance and technical topics, August 24-27. You can find me in the SharePoint theatre and on the show floor where I will be investing some time exploring the exciting SharePoint 2010 product line of TechEd’s major sponsor, AvePoint.
• Washington DC, Best Practices Conference: Back in the USA, a number of my esteemed colleagues will be presenting in Washington, DC, at the 2010 Best Practices Conference, also August 24-27.
• Online, Taking Control of SharePoint: Colin Spence, Wendy Hardy, and I present three admin-focused sessions at this free virtual conference on September 29.
• The Hague, Netherlands, Microsoft SharePoint Connections 2010: The world’s best independent SharePoint event teams up with Microsoft for a best-of-both-worlds summit for developers and IT Pros. I’ll be offering my MasterClass as a preconference workshop. September 26-30.
• Lisbon, Portugal, Dan Holme’s SharePoint 2010 Administration MasterClass: My intensive, one-day workshop, as well as two days’ of workshops for developers, come to southern Europe. September 30-October 1.
• Düsseldorf, Germany, The Experts Conference: I’ll be joining a number of experts from around the world at this Quest-sponsored event that covers identity (Active Directory), Exchange, and SharePoint. October 1-4.
• Las Vegas, NV, SharePoint Connections: A not-to-be-missed event in North America, featuring the best & brightest experts and peers. Co-located with Connections events covering a broad range of Microsoft technologies. November 1-4. I’ll be delivering my one-day MasterClass as a preconference workshop.
License to Kill Update
I’ve received a number of compliments and questions about my License To Kill, Revisited article. I’m glad it was helpful to so many folks. However, some readers pointed out that I didn't flesh out the details of internet-connected SharePoint farms. So here goes!
If you connect a Windows server to the Internet for access that has any kind of authentication, you need a Windows Server External Connector license. If your server is accessed over the Internet by users who already have client access licenses (CALs), this isn’t necessary, but if, for example, you’re putting SharePoint Foundation 2010 on the server, and treating it like a kind of Internet site that has any authentication, or if you’re sharing information with extranet partners for whom you do not purchase CALs, then you do need a WSEC license for the Windows Server OS underlying the SPF2010 instance. Alternately, you can purchase enough CALs to cover your external authenticated users. For more information on the EC license, see Microsoft’s EC information page.
Now let’s assume you’re running SharePoint Server 2010 and you will host both your public facing Web site, an extranet for partners and customers, and collaboration sites for internal users. You need two SharePoint server licenses: the SharePoint for Internet Sites and the SharePoint Server license. I know it sounds strange, but that’s the way the language reads! Underneath the SharePoint licenses, it’s a bit unclear as to whether you would need Windows CALs or an EC to support the access to the extranet site, given that there is authentication happening. You would definitely need Windows CALs for the internal users.
Finally, what about SQL Server, assuming it’s on a separate machine? Let’s keep it easy and assume you’ve licensed SQL Server itself with a per-processor license, which covers all client access to SQL Server. Do you also need an EC for Windows Server underneath SQL Server, if that SQL Server is supporting your internet or extranet sites? My guess is yes.
But the most important thing—and something I emphasized in the article a few weeks ago—is that you need to confirm all of this with your reseller. Get quotes from several resellers and go with the one that makes the most sense to you. If you give them accurate information about your infrastructure and your usage, it’s really up to them to help you navigate Microsoft’s insane variations of licensing. One thing’s clear from all of the email I received about licensing, and that is: it’s not clear!!
Least Privilege Security Accounts
Earlier this summer, I documented some of the best practices for configuring the accounts required to install SharePoint. I wrote the article under the assumption that the article was a checklist of accounts for initial installation, but I did not clarify a point or two, and several readers noted that.
In the article, I mentioned that the SharePoint farm and service account, named SP_Farm in the article, should be a local Administrator. The SP_Farm account must be a local administrator (a member of Administrators on the SharePoint server) for user profile synchronization service application provisioning to succeed. Therefore:
1) You should add SP_Farm to local Administrators when you provision the user profile synchronization service application. The documentation from Microsoft about UPS deployment describes this.
2) After provisioning UPS you can and should take SP_Farm out of local Administrators. If you don't, you'll get a warning in Central Admin from the health analyzer. That warning is correct. Administrators privilege is needed only when initially deploying UPS.
3) If you don't have SP_Farm in the local Administrators group, and you use the Farm Configuration Wizard with its default settings--which include provisioning UPS--it will fail and produce errors for these reasons.
I also promised in the article to detail the remaining accounts and related information for least privilege installation. I have not forgotten, and will be publishing these updates within the next 3 weeks. If you're in dire need of the information now, don't hesitate to email me at danh -at- intelliem dot <top-level commercial domain>.
License to Kill, Revisited
Least Privilege Service Accounts for SharePoint 2010