Or how I stopped worrying and learned to love Kerberos.

There's been a lot written on configuring Excel Services 2010 and I by no means claim to be an expert on it. However, having just gone through SPN hell trying to get delegation up and running between SharePoint and an SQL Analysis Server I thought I'd share. Turns out there are a couple of items I needed to know but are missing from other posts.

First item worthy of note is that all Kerberos delegation for data refresh relies on the Claims to Windows Token Service. So this has to be up and happy before going any further.

The second noteworthy point is that all delegation must use the Constrained method which isn't as painful as it sounds but isn't particularly intuitive either.

The steps I followed were:

1) Check the Claims to Windows Service

• It should be running on all Excel Calculations Servers.
• It should be set to Automatic.
• It should be using the Local System account. This might look odd but it's the only account the service will run under properly.

2) Identify service accounts. You'll need:

• The service account for excel services (e.g. random\excelservices)
• The service account for the data server (e.g. random\sqlservice)

3) Either use the SETSPN tool or the ADSIEDIT console to create Service Principal Names (SPNs) from the command line to set up SPNs for each service account. For example if the excel services are on http://App1.randomcom:
Setspn -a HTTP/App1     random\excelservices
Setspn -a HTTP/App1.random.com     random\excelservices

And add SPNs for the back end services,Starting with the Analysis Services:
Setspn -a MSOLAPSvc.3/SQL1     random\sqlService
Setspn -a MSOLAPSvc.3/SQL1.random.com     random\sqlservice


And then the MSSQL Server:
Setspn -a MSSQLSvc/SQL1:1433     random\sqlservice
Setspn -a MSSQLSvc/SQL1.random.com:1433     random\sqlservice

4) Set up constrained delegation for Claims to Windows Token Service and the Excel Service Application.

• In Active Directory Users and Computers find the server running Excel Calculation Services and open its properties.
• Click the Delegation tab. Select the Trust the computer for delegation to specific services only and under this the radio button Use any authentication protocol. This does seem counter intuitive especially as the other option is Use Kerberos only but no matter the temptation if you don't select "any" then delegation won't work for Excel Services.
• Click on the Add button the Add Services dialog will appear. Click on Users or Computers to bring up the Select Users or Computers dialog box.
• Now enter either the SQL Server service account or if SQL services are running under Local System the SQL Server name(SQL1).
• On pressing OK you'll be returned to the Add Services box which will now have the SQL Server or Analysis Server registered as a service type. Select the service and press OK.
• You will be returned the Properties dialog for the Excel Services server. Under the Delegation tab you will now see the SQL Service registered as one the account can now present delegated credential.
• Repeat this step for the Excel Services service account.

Repeat for each Excel Services service yu have running and each server you want to delegate credentials between.

And that's it, hopefully.

Nope no Robert Downey Jnr in this one you’ll have to wait until April 30th for that (in the UK at least). This was Mike Watson (a man who used to play with tanks on a professional basis) taking the SharePoint Evolution attendees through the major enhancements to SharePoint which will make high availability solutions a little easier to architect and deploy.

Mike started with a rundown of the major issues with SharePoint 2007:

• Granular Recovery – ah that look on a client’s face when you tell them just exactly what  they will have to go through now that 1k text document they deleted has exited the recycle bin (cue exasperated sighs stage left). Just a simple matter of recovering that backed up database to a web app and then finding the document concerned – a doddle
• Disaster Recovery – a small list of laundry for this one that can only truly be satisfied by a sub list:
  • No native support for mirroring – let’s do the swap over by hand or rely on some cludgy scripts
  • Everything can be made redundant, apart from that indexy bit and if that goes and you’re reliant on search apps? Just how many documents do you have to crawl? You weren’t planning on doing anything over the next couple of days/weeks/months were you?
  • Robust backup – let’s back up everything. Yip content, config… you want to restore config? Ok but that’s you unsupported as far as Microsoft is concerned. They didn’t mention that?

Ok various vendors have spent millions and made millions producing tools to sort these issues out. But does SharePoint 2010 handle them in anyway?

Mike Watson seems to believe… sometimes. Here is what I gleaned concerning these issues.

Granular Recovery – well the good news is you won’t have to restore the content DB backup to a SharePoint Farm, Hidden in the depths of 2010 Central Administration is a command called Granular Recovery from unattached database. And backup now goes down to the list level. Certainly an improvement but I doubt the likes of Quest and AvePoint will be packing up their tools and leaving the SharePoint scene anytime soon. Anybody who has used one of these tools to search and retrieve an item from a backup file (no restoring to SQL) will know why.

Native support for mirroring – Now you can tell your SharePoint sites where the failover database is. If SharePoint cannot contact the principal node (I think it’s in 10 seconds) then it will attempt to contact the failover. This in my humble (well not so I am blogging after all) is brilliant. Unfortunately you still need to set up the SQL side from SQL but when combined with a witness server this could be a very useful addition.

Index Server – this is now the Crawl Server, I know you just get used to one set of names and acronyms and then they change (wait until you find out about BDC, still a SharePointy acronym but doesn’t quite mean what it used to). Anyway, with the brand new service architecture the single point of failure is gone in 2010. It’ll even support mirroring if you really want to (more redundancy and you know what redundancy makes? Yep license sales).

Robust backup – the reason  Microsoft didn’t support mirroring and restore for the config database in 2007 was the sheer volatility of the data. In 2010 they do support backup and restore. The config backup saves settings to an XML file which could even be restored to a completely separate farm, in theory. Mr Watson was quick to point out that he hadn’t seen it done.

So some great improvements, especially around redundancy and mirroring. Should make complying to those SLAs a little easier.

In Mike Watson’s talk on SQL planning he highlighted some recently published numbers for SharePoint 2010 capacity:

Category	2007 Capacity	2010 Capacity
Content Database	100 GB	200 GB
File Size*	2 GB	2 GB
Databases per web app	100	300
Site Collection Size	100 GB	100 GB
List Items per view	2000	5000

* This is a boundary limit dictated by the SQL field. Larger files require another solution such as Remote Blob Storage (RBS).

As with 2007, apart from the file size limit, a lot is going to depend on the structure of your data and the size of the files saved. Only the File Size is a ‘hard’ limit the rest is the point where Microsoft would expect a degradation of performance.

Was sat in a talk by Paul Turner of HP Software (he’s their World Wide Services Competency leader for SharePoint). The subject was Designing Information Management for the Masses but as you can probably guess what it boiled down to was a matter of governance and Paul reminded me of the four main tenets of any good SharePoint Governance Plan:

1. People – clear vision and defined roles and responsibilities
2. Technology – service level agreements
3. Policy – design and usage principles
4. Process – common tasks that need to performed

And why do you need governance? Well top of the list for me is ‘SharePoint sprawl’. Giving those users the ability to create content, sometimes hideously complex content and solutions, can result in an explosive growth of sites, sub sites and even site collections. Even I with my simple dev background can understand the potential impact of allowing users to add content ungoverned. From a usability perspective there is the inability to find useful content and if users can’t find what their looking for the system will soon fall into disrepute and alternatives will be found (watch them mail boxes grow once more) From an infrastructure view unchecked content can lead to a strain on network and database resources.

Content quality will be hit too if there are no policy on metadata or the location certain assets should be saved to. It can also impair decision making if the data is difficult to find and assimilate then the business leaders are going to be unable to make informed, timely decisions.

Finally – ok finally for this simplistic article, there’s plenty out there on the subject – without proper governance from the outset there is a risk that the SharePoint implementation will never be fully aligned with the business and thus the business will never get full value from it. Naturally, this then runs the risk of the business never valuing the platform and the implementation and indeed product forging a reputation of failure.

The Icelandic fire gods have taken their toll on the conference with much reorganisation of the agenda to give those speakers who haven’t made it the chance of getting here by Wednesday.

Still, as Steve Smith pointed out in the keynote there were cons and pros to the situation, some folks couldn’t make it to the UK but then others couldn’t leave and they have been enlisted to ensure the conference goes on.

The mystery keynote speakers were revealed, as well as Mr Smith, Eric Shupps, Spencer Harbar and Brett Lonsdale took to the stage to give attendees a good dose of nostalgia.

Whether the audience wanted to be reminded of the “quirky charm” of 2001, 2003 and 2007 versions of SharePoint I’m not sure but there were a few of us older types with tears in our eyes (some may have been joyful most I suspect not, one chap beside me started to shake and mutter) as we were taken through the delights of SharePoint’s growth from small web based storage app to all conquering integration and application platform.

From the basic document management available in 2001 (though allegedly not a recognised member of the family) through the introduction of SQL in 2003 and finally to the feature/solution package deployment framework.

Of course nobody could answer the question, why did Microsoft stick with that blue? 

Tomorrow is the first day of the SharePoint Evolution Conference in London. The conference is going ahead despite the best efforts of Icelandic volcanoes; planes may be grounded, the sky may be awash with ash but SharePoint carries on regardless!

With the RTM released this month and the official launch only a few weeks away the conference has a very 2010 feel to it, there’s not too much for those interested in 2007. I guess this is understandable, it’s a technology conference and if there’s one thing that technologists like it's something that can have the adjectives ‘new’, ‘shiny’ and ‘improved’ placed in front of them (unless it’s washing powder – not really too excited by that).

The speakers have a familiar feel Spencer Harbar, Eric Shupps, Mike Watson, Steve Smith, Joel Oleson, Andrew Connell, Bill English to name but a few. All of these guys will have by now had extensive exposure to the supposed wonder that is SharePoint 2010 (supposed? no,truly it is wonderful!) and it’ll be interesting to hear what they have learned since Vegas’ conference.

One mystery remains. Who will deliver the keynote? Having spent literally seconds exploring the Evolution Conference site I can find no clues…

…eh long live services ‘a la carte’ – somebody from marketing really needs to get hold of that one! (and please excuse my French).

What it means is this -

In SharePoint 2007 the Shared Services Provider was a specialist web application (two if you include MySites) which looked after Enterprise Search, Profiling, Excel Services and the Business Data Catalog.

Although this worked pretty well it had a couple of major limitations -

• It’s not a scalable model – you could have more than one SSP in a server farm but if the desire was to have a slightly different flavour of SSP, for example specialist or restricted search it was a lot of overhead.
• It wasn’t granular – SSP’s had very coarse permissions, once a site was attached to an SSP it had all the services running on it. Administrators either had access to the SSP configuration site and all services or they didn’t!

No finesse at all!

The new Service Application Model is broken into discreet service applications allowing web applications to be more finely tailored to their user base.

This is done through a series of proxies which are assigned into Proxy Groups. In a straight 2010 installation there will be a Default Proxy Group which web applications will automatically take on. Services can belong to more than one group and (wait for it) more than one instance of a service can be running in a farm. So for example the Excel Services service Finance uses may not be the same as the one in use by Marketing.

Naturally, you can create your own Proxy Groups.

This does come at cost, more granular services means more information to keep in state which results in more databases for the SQL Server and the associated maintenance attached to that. To take the People service, which runs MySites in 2010 amongst other things, as an example (albeit an extreme one); this service requires 3 databases to operate.

And it’s not alone with those hard disk eating, processor stomping needs…

This week I’m attending Ignite Training for SharePoint 2010.

I will of course be posting any interesting bits that come up.

But the format is quite interesting with a mixture of presenters, labs, video and live meetings all done over the web. It remains to be seen whether this can engage attendees fully without face to face contact. I suspect discipline on all sides will be required.

Just thought I’d mention this as I only found it yesterday but there are a huge number of free resources on 2010 at the SharePoint Developer Center on MSDN.

The resources include:

• a good introduction to development in 2010 over 10 modules
• lot of material on upgrades
• a community page so that you can get the latest updates

This was one of the most cheered announcements at the recent SharePoint conference in Las Vegas. SharePoint 2010 can be installed on Windows 7 (and Vista 64 bit for that matter).

Installations on Windows 7 will not be supported for production by Microsoft but it is going to make it easier for developers to work.

Instructions on how to prepare Windows 7 and install SharePoint can be found here.

The beta for SharePoint 2010 (along with other Office 2010 products) was released on Thursday. All the goodies can be found here.

One of the more useful items for both devs and ITPros revealed at last weeks conference it gives a breakdown of the call stack, SQL procedures called , timings etc on each SharePoint 2010 page.

You have to switch it on though!

Probably the easiest way is through STSADM (no doubt a cardinal sin in the brave new PowerShell world). Remember STSADM is now in the 14\bin.

 

Stsadm –o setproperty –pn developer-dashboard –pv ondemand (or “on” or “off”)

 

There's a great msdn blog about the Dashboard here including several other ways to activate it.

Again with so much information coming out the only way forward is another list (maybe I should be sticking these posts in some sort of web enabled collaboration platform?).

• First a biggee (to me anyway) SharePoint 2010 can be installed on Windows 7 (and 64 bit Vista) for development purposes. There will be a couple of hacks to allow installation of the beta but apparently these will be gone by RTM. According to Microsoft stand who helped develop this he reckoned you would need 4GB of RAM to run an environment including SharePoint, Office suite, SharePoint Designer and Visual Studio 2010
• Visual Studio 2010 (the beta is released this week) is much more supportive of SharePoint projects:
• There are twelve or so projects specifically for SharePoint ranging from empty through site, workflow etc
• One touch deployment and debugging! Click the debug button Visual Studio packages, deploys to test, activates features and even opens a browser window!
• And of course it creates its own Features and WSPs no more batch file writing
• Developer Dashboard is actually SharePoint basically it opens a window beneath the SharePoint site and gives you every stat you could think of load times of web parts, SQL queries, call stack etc.
• One of the templates is a Visual Web Part no more coding the UI!
• SharePoint Designer 2010 has much enhanced (or you may think more dangerous functionality) including:
  • Creation of dynamic lists from SQL sources; these can include Create, Read, Update and Delete functionality surfaced in SharePoint
  • Workflows are no longer limited to a single list abut can have their scope set to the web application level making them reusable (hurray!)
  • Workflows and even sites can be exported as packages and imported to Visual Studio 2010 which has a couple of specialist project types to handle this.
  • Simple workflows designed in Visio 2010 can be imported directly into SharePoint Designer
  • SharePoint Designer can export workflow diagrams to Visio 2010

I’m sure there was more,I’ll post when it bubbles up into my consciousness.

Nearly forgot – to simplify licensing issues the new version of SharePoint has a report which analyses the features used and delivers a report listing how many licenses are needed (Microsoft were keen to stress this report goes to local admin not them).

Cool…

Lord Palmerston reportedly said of the Schleswig Holstein Question that only three people had understood it one was dead, one was mad and the other had forgotten.

I still reckon that’s a couple more than have ever understood MOSS 2007 licensing.

And so with a mind troubled by this I sat through a talk which promised to reveal the licensing model for SharePoint 2010.

How would my sanity have fared by its conclusion?

So first up what does each version contain:-

SharePoint Foundation Server 2010  is the free offering replacing WSS 3.0. and will have the usual limits of SQL Express and Search Express.

The Standard  SharePoint functions will be base around Collaboration, Enterprise Search, Document and Content Management, Social Computing (Wikis, My Sites), Digital Asset Management (including Silverlight) and Records Management. Basically unstructured data.

The Enterprise  functionality is a long list:

• Excel Services
• Performance Point Services
• Advanced Charting
• Visio Services
• Access Services
• InfoPath Form Services
• Client line of business integration and web parts
• Custom Reports

In addition server licences can be upgraded to use FAST search.

Speaking of server licenses these break into Standard and Enterprise as before but this time there are both intranet and internet versions. Added to this is the aforementioned FAST server license which comes in both flavours too. So when you add this to the Foundation Server you have a total of seven types of SharePoint (a title for a post if ever I scribbled one).

Note that the SharePoint for Internet 2010 Standard Edition is designed for small to medium concerns and will retail at about half the price of the current MOSS for internet. But, and its a big but, it will be artificially throttled possibly round content size (the Microsoft boys were a bit hazy on this).

For intranet solutions the Client Access Model remains with the need to buy both a Standard  and Enterprise CAL  to access Enterprise features. For FAST although the license upgrade is for the server users utilising it will need an  Enterprise CAL.

Still with me?

Ok – SharePoint 2010 Online for intranet will continue with the current User Subscription License based on Enterprise, Standard and Deskless (read and form filling only). It will also have an Internet and Partner Access versions. Partner Access is effectively an extranet option.

For related technology:

SharePoint Workspace (the app formerly known as Groove) comes with Office 2010 PRO+ (which sounds like a caffeine tablet)

Office Web Apps – Office 2010 but do need SharePoint Foundation 2010  to work.

Project Server 2010 – needs a Project CAL  and a SharePoint Enterprise CAL

SQL Server Power Pivot  - SQL Enterprise Edition  if exposed only in office then an Office 2010 to be surfaced in SharePoint an Enterprise CAL  is required. 

Just for completeness there is also a non SharePoint version of FAST - Fast Search Server 2010 for Internet Business.

Eh… wibble