Considerations for integrating SQL Server with SharePoint

Source: Internet
Author: User
Tags: least privilege

When deploying a SharePoint application, a common approach is a single-server solution that includes SQL Server. In general, the database server built into SharePoint often cannot meet users' needs once the number of records grows large, so support for a standalone SQL Server database is required. This article covers the considerations for integrating SQL Server with SharePoint servers.

  1. Precautions during installation.

It is best to confirm the deployment scheme, single-server or multi-server, before installation. Changing it afterwards can add considerable work, so I suggest settling on the solution up front; getting it right in one step avoids unnecessary trouble. During installation, the system automatically configures the binary files, including security permissions, registry settings, and database settings. During the installation process, pay attention to the following points.

First, review the installation log after the installation is complete. In my daily work, I have found that many administrators are not in the habit of reading system logs, which I consider a very dangerous working habit. The installer leaves a lot of valuable information in the installation log whether or not the installation succeeds. When an installation fails, the system administrator should check the log files. This is simple to do: the log file is generally stored in the temp folder of the user who ran the installer. Log on as that user and enter "%Temp%" in the address bar of Windows Explorer to jump to the user's temporary folder, then find the log file the installer generated to determine the cause of the failure. By default, the log file name starts with Sharepoint Server Setup, and time information may be appended after it, so installations run at different times produce different log files. If the installation fails several times, comparing the contents of the earlier and later log files can yield useful information.
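
The log check described above can be scripted. The following PowerShell is an added example, not part of the original article or of SharePoint; the 'error|fail' pattern and the digit masking used to compare runs are assumptions, because the article does not document the log line format, and the sample logs are constructed.

```powershell
# Added example. Assumption: failure lines contain "error" or "fail"; the
# article does not document the log line format, so adjust -Pattern as needed.
function Get-SetupLogFindings {
    param([string]$Path = $env:TEMP, [string]$Pattern = 'error|fail')
    # Per the article, the log file name starts with "Sharepoint Server Setup".
    Get-ChildItem -Path $Path -Filter 'SharePoint Server Setup*' -File |
        Sort-Object LastWriteTime |
        ForEach-Object {
            # -LiteralPath: the file name may contain wildcard characters.
            $hits = @(Select-String -LiteralPath $_.FullName -Pattern $Pattern)
            [pscustomobject]@{
                Log      = $_.Name
                Written  = $_.LastWriteTime
                Findings = @($hits | ForEach-Object { $_.Line.Trim() })
            }
        }
}

# Return findings in the newer run that the older run did not have.
function Compare-SetupRuns {
    param([Parameter(Mandatory)]$Older, [Parameter(Mandatory)]$Newer)
    # Mask digit runs so timestamps and process IDs do not make every line look new.
    $mask = { param($line) $line -replace '\d+', '#' }
    $seen = @($Older.Findings | ForEach-Object { & $mask $_ })
    $Newer.Findings | Where-Object { (& $mask $_) -notin $seen }
}

# Constructed sample logs (not real SharePoint output) so the example runs offline.
$demo = Join-Path $env:TEMP ('spsetup-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
Set-Content -Path (Join-Path $demo 'SharePoint Server Setup(run1).log') -Value @(
    '10:01:02 Starting setup',
    '10:01:09 Error: prerequisite check failed')
Start-Sleep -Milliseconds 100   # keep the two write times distinct for sorting
Set-Content -Path (Join-Path $demo 'SharePoint Server Setup(run2).log') -Value @(
    '11:15:40 Starting setup',
    '11:15:47 Error: prerequisite check failed',
    '11:16:03 Error: cannot connect to database server')

$runs = @(Get-SetupLogFindings -Path $demo)
Compare-SetupRuns -Older $runs[-2] -Newer $runs[-1]   # lines new in the latest run
Remove-Item -Path $demo -Recurse -Force
```

To use it on a real failure, run it as the user who ran the installer and call Get-SetupLogFindings without -Path so that it reads that user's %TEMP%.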

Second, for system security it is best to set up two different accounts for the two applications during installation. You can use a DBA account to install the SQL Server database, and create a separate account named spa when you deploy SharePoint. The two applications are then maintained under different accounts, which gives each a relatively independent working environment. In addition, even if the name and password of one account are leaked, the other application is not adversely affected. Similar advice applies in any environment: for relatively independent applications, it is best to use different user names for installation and subsequent maintenance. Switching users can be troublesome, but the overall result is good. Specifically, when integrating these two applications, the following principles must be observed for accounts. The server account is the account used to create and access the configuration database. In other words, the account that installs the database should be separate from the account that creates the databases. For example, create two accounts, A and B. Use A to install the database and set up security; use B to create the databases and the related access configuration. In this integrated environment, the server account is also the identity of the SharePoint Central Administration application pool. Note that the server account must also be a domain user account. However, we do not recommend that this user be a member of any specific security group on the Web server or database server, because the principle of least privilege needs to be followed to ensure the overall security of the applications. In short, when integrating these two products, you need to understand the design of this account carefully. Using a single account from beginning to end is also feasible, but it is not conducive to system security. When designing an account, we simply need to follow the principle of least privilege.
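
One way to check the group-membership recommendation above on a Web server or database server, for Windows PowerShell 5.1. This is an added example, not from the original article; CONTOSO\spa is a placeholder account name.

```powershell
# Added example: report local groups on this server that list the SharePoint
# server account as a direct member. The account name is a placeholder.
function Get-AccountLocalGroups {
    param([Parameter(Mandatory)][string]$Account)   # e.g. 'CONTOSO\spa'
    foreach ($group in Get-LocalGroup) {
        try {
            $members = @(Get-LocalGroupMember -Group $group -ErrorAction Stop)
        } catch {
            # Enumeration can fail (for example on members that no longer resolve);
            # surface it instead of silently reporting "no membership".
            Write-Warning "Could not enumerate '$($group.Name)': $($_.Exception.Message)"
            continue
        }
        $hit = $members | Where-Object { $_.Name -eq $Account }
        if ($hit) {
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Group    = $group.Name
                Member   = $hit.Name
                Source   = $hit.PrincipalSource
            }
        }
    }
}

$findings = @(Get-AccountLocalGroups -Account 'CONTOSO\spa')
if ($findings.Count -eq 0) {
    "OK: CONTOSO\spa is not a direct member of any local group on $env:COMPUTERNAME"
} else {
    $findings | Format-Table -AutoSize
}
```

Run it on both the Web server and the database server. It reports direct membership only, so membership inherited through a domain group that is itself in a local group has to be checked in the directory.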

  2. Note the difference between passphrase and password.

Passphrase and password: both words translate into Chinese as the same word for "password". In English, however, and in this application environment, the two are very different. A password is an ordinary password, with no strict limit on its composition. A passphrase can be regarded as a high-security password with strict restrictions on its composition.

A bank ATM password case makes the difference between the two words easier to understand. In the past, simple passwords such as 123456 or 999999 were accepted at ATMs. To increase the security of users' funds, however, some banks no longer allow such simple passwords. When the user sets one, the system reports that the password is not accepted and asks for a stronger one. The first kind is a password, and the second is a passphrase. Although the two are similar, the latter carries mandatory rules on how the password is set, such as requirements on length and complexity, and may therefore be more secure.

 

If the database is deployed on its own, an ordinary password may be used, for example 123456. In an integrated environment, however, such a simple password is not allowed, mainly because SharePoint requires that the database use a passphrase instead of a password. Specifically, the following conditions must be observed when setting the database password. The first is the length requirement: it must be at least 8 characters long. The second is the complexity requirement, such as including numbers or non-letter characters in the password. In general, we can combine uppercase and lowercase letters, Arabic numerals, and special characters in the password to improve its security.

Administrators who are new to this kind of integration project often get caught here. They deploy the database first and then use the SharePoint Configuration Wizard to connect to it, only to find that the database password is too simple. They then have to go back and reconfigure the database password.

  3. Other related configurations.

First, you may need to configure the list of trusted websites. In some cases, the system only works normally once the site has been added to the trusted list. In the IE menu bar, open Tools and click Internet Options. In the dialog box that opens, select the "Security" tab, select Trusted sites, and click Sites. A further dialog box is displayed (it may differ slightly depending on the IE version). In this dialog box, you need to do two things. First, enter the URL in the "Add this website to the zone" text box. Second, clear the "Require server verification (https:) for all sites in this zone" check box at the bottom. If you leave it selected, the system shows an error message when you save. Because HTTPS is often not used for internal management, this check box needs to be cleared. Click OK or Apply.

Second, you may need to make the following configurations based on your actual work needs. One example is incoming email. The system administrator can configure incoming email so that emails sent to the SharePoint website are archived. For example, suppose an e-commerce system is implemented on a website and customers place orders directly on it. The system then sends the order information to the relevant departments of the enterprise by email, so that staff do not have to watch the web page at all times. In this case, incoming email must be configured. This function can also be used to archive the content of email discussions. Other useful configurations include data collection for usage and health (helpful for later performance tuning), diagnostic logging (helpful for troubleshooting), mobile accounts, and search settings. In particular, once a mobile account is configured, the system can send SMS notifications to users' mobile phones. These settings are not required, but enabling them as needed can improve the user's working environment.

 
