The third major grouping of administrative tasks is Application Management. This grouping allows you to quickly navigate to configuring and managing Web applications, site collections, shared services, and other application-specific functions.
Creating Web applications is one of the most basic and fundamental aspects of administering SharePoint products. A Web application provides the interface that users interact with from their browsers. Web applications are a combination of IIS virtual servers, associated content databases, and entries for both in the configuration database. Creating a Web application is covered in detail in Chapter 2, so refer there for detailed information on creating a Web application.
Extending Web applications is an interesting feature that is used by those wishing to serve the same content databases via multiple Web applications (IIS virtual servers). An example would be an organization wishing to serve content internally via http://portal using Windows Integrated Authentication, but serving the same content externally via https://portal.contoso.msft using Forms Authentication over the Secure Sockets layer (SSL) for security. You must already have a Web application created and functional before you can extend it. Then, extend a Web application from Central Administration > Application Management > SharePoint Web Application Management > Create Or Extend Web Application > Extend An Existing Web Application. The following items must be configured to extend a Web application:
Web Application To Extend By default, there is no Web application selected to extend. You must select via the drop-down list box, as shown in Figure 3-13.
Define IIS Web Site You have the ability to create an IIS virtual server beforehand, but as in creating a Web application, it is best to create one from Central Administration and make any necessary changes later. Give this site a meaningful description, which makes administration in IIS Manager much easier.
If you are using host headers, the description changes automatically to the host header + TCP port number.
If you are not using host headers, leave the port alone for now and change it later in IIS Manager. If you are using host headers, you can change the port to the final configuration now. Use the directory defined during deployment for your path.
If you plan to assign IP addresses to Web applications, it is a good idea to enter the host header information now and change the port to 80. You can always add additional host headers as required in IIS Manager. This simplifies the process of adding additional WFE servers to the farm.
Configure Security Close attention should be given to the security configuration because this is usually the primary reason for extending a Web site. If using Kerberos, don't forget to register the Service Principal Name (SPN) for the original Web application pool identity. Refer to Chapter 7, "Implementing Security for SharePoint Products," for more information on using Kerberos.
You are not given the option to create another Web application pool. Doing so would break the functionality of the Web application extension. Therefore, never change the application pool of an extended site in IIS Manager.
If extending to leverage the security of SSL, be sure to select the option here. Although it can be changed later, it is easier to do it now. Note that you must configure a certificate for this site in IIS Manager after creation before it can successfully serve content via SSL.
SSL certificates and assigned IP addresses are not stored in the configuration database. If you must restore a WFE server for any reason, you will need to reconfigure the Web applications using SSL or assigned IPs. Alternatively, you can restore the IIS Metabase from the last backup.
Load Balanced URL The Load Balanced URL setting doesn't mean exactly what it says. The URL can be set to a previously defined DNS host name for this Web application, or it can be set to a DNS host name for an NLB IP address. To complete, you must also choose the zone associated with this extended Web application.
Figure 3-13: Be sure to select the correct Web application from the drop-down menu.
To unextend a virtual server in IIS, do so from Central Administration > Application Management > SharePoint Web Application Management > Remove SharePoint From IIS Web Site. Exercise caution when unextending (deleting) a Web application, especially when selecting the Web application to remove. If you need to modify any other settings in IIS, refer to Chapter 2 for details on configuring IIS virtual servers in conjunction with SharePoint products.
If you have a medium-scale or larger implementation, give serious consideration to extending the default set of managed paths. A managed path is defined as the path in the Uniform Resource Identifier (URI) that is managed by SharePoint products. As an example, sites is the managed path in http://portal.contoso.msft/sites/madison. Managed paths cannot be limited for use by specific security groups, nor can they be targeted directly with audiences. They are simply a way to organize a large quantity of site collections. When using managed paths, you can have two site collections with the same name. For example, http://portal.contoso.com/HR/Meetings and http://portal.contoso.com/Sales/Meetings.
When adding a new path, you have the option either to include only that path (explicit inclusion) or to specify that path and all subordinate paths (wildcard inclusion). If the path http://portal.contoso.msft/sites was specified as an explicit inclusion, content could still be served from the WFE file system at http://portal.contoso.msft/sites/path. When creating an explicit inclusion managed path, you can then create a single site collection in the root of that path. If http://portal.contoso.msft/sites was specified as a wildcard inclusion, multiple named site collections could be created under that path.
The settings for outgoing e-mails are copied from the settings previously defined in Central Administration > Operations > Topology And Services > Outgoing E-Mail Settings. Microsoft has given you the ability to modify these default settings on a per-Web application basis. This feature is useful when segregating e-mails based on workflows or when unique language character sets are required for a given Web application. Always verify that you are in the correct Web application before making changes.
You can configure Web application outbound e-mail using stsadm -o email -outsmtpserver <SMTP Server> -fromaddress firstname.lastname@example.org -replytoaddress <email@example.com> -codepage <codepage> -url <web application URL>.
Content databases contain all site collection content, including most customization performed in the browser or SharePoint Designer. By default, a single content database is created per Web application. You should create additional content databases to limit the size of your content databases. For example, if your site collection quota is 10 GB and you want to limit your content database size to 100 GB, you would need to create a content database for every ten site collections in the associated Web application. You add additional databases via the Manage Content Databases interface. From here, you can add or manage content databases, as well as view information about a content database, as shown in Figure 3-14.
Figure 3-14: To edit the configuration of a content database, single-click the hyperlinked database name.
A database status of stopped means the database is not available for new site collection creation. It does not mean the database is down.
There are four primary properties that can be modified on a content database:
Database information The database information section shows the database server name, database name, and status. Changing the status to Offline prevents new site collections from being created in that content database. It also shows the type of authentication that was defined during the associated Web application creation when it is the first content database, or during content database creation for subsequent databases.
Database Capacity Settings You should make an educated decision about the Number Of Sites Before A Warning Event Is Generated and Maximum Number Of Sites That Can Be Created In This Database. For example, if you do not want your content databases to be larger than 100 GB and your site quotas are set to 1 GB, then you need to change the maximum number of sites to 100. The default settings are almost always too high and should be changed.
To force new site collections into a new content database, you can change the Database Status to Offline. Then you must create an additional content database or new site creation will fail.
Search Server It is important to remember that Search Servers are associated with content databases and not Web applications. Unless you have extremely unusual requirements, you will use the same search server for all content databases.
Remove Content Database There is almost never a reason to remove a content database without removing the entire Web application. But, you might do so when taking sensitive data offline immediately, without losing the data, or re-associating a content database with a new Web application. When removing a content database, all data remain in the database and can be attached to another Web application for access. Re-associating content databases to another Web application should only be performed after thorough testing in a lab.
SharePoint Server includes four document converters that allow your users to write content in a format they are familiar with, such as Microsoft Word, and convert those documents to Web pages:
InfoPath Forms to Web page
Word Document to Web page (docx)
Word Document with macros to Web page (docm)
XML to Web page
The bulk of document conversion configuration is covered in Chapter 10, "Configuring Office SharePoint Server Enterprise Content Management," but some configuration is required in Central Administration. The basics to enable functionality are configured in Central Administration > Application Management > External Service Connections > Document Conversions as follows:
Web application Document Conversion must be configured for each Web application; it is not a farm-wide setting. Always verify the current Web application before continuing.
Enable document conversions By default, a document conversion is disabled for all Web applications. You must enable document conversions for every Web application desired.
Load Balancer server If you defined a Document Conversions Load Balancer server during deployment, it will be available in the drop-down menu, as shown in Figure 3-15.
Conversion schedule The conversion schedule is set to every minute, but should be tuned according to your specific requirements. Large implementations in which many conversions occur simultaneously should have a reduced schedule or should dedicate hardware for the task. If the Owstimer.exe service consumes a large amount of CPU utilization, check your logs for Document Conversion transactions or errors and adjust accordingly.
Converter settings You may configure the converter settings on all installed converters. You can enable or disable converter types per server and change the performance settings for each.
Figure 3-15: If you wish to select a load balancer server, choose it from the drop-down menu.
Workflows are enabled by default for all Web applications. You can modify the global workflow settings from the Workflow Settings option in Central Administration. In the Workflow Settings management interface you can enable or disable workflows for a Web application, and modify task notifications. There are two types of workflow task notifications:
Alert Internal Users Who Do Not Have Site Access This notification is enabled by default and alerts users who do not have site access permissions when they are assigned a workflow task. The users can then follow the embedded hyperlink e-mailed to them and request permission to access the site. Selecting No only allows workflow tasks to be assigned to users who have prior permission to participate in a given workflow.
Allow External Users To Participate In Workflow You can also have documents e-mailed to external participants in a workflow. This feature is disabled by default, and if security is paramount in your organization it should be left disabled.
If you are looking for a Central Administration topic not found in this chapter, it is covered in depth in its respective chapter. Please refer to the index to find more information on the configuration options.