Using the Central Administration Operations Page

Once you've completed the tasks on the Home page, your next step is to configure the global options for your server farm. Global configuration options affect all servers that you add to the farm. You use the Operations page to complete the tasks associated with the global configuraton options. On the Home page, select the Operations tab to open the Operations page shown in Figure 6-8.

Figure 6-8: The Central Administration Operations page

Important

Make sure you have a working backup of your farm before making global changes. Some options, such as Remove Server, can have catastrophic consequences if the server you've removed was providing needed services to the network.

There are eight defined sections on the Operations page and each section is grouped to represent a common set of tasks. The eight sections are as follows:

• Topology And Services Configure servers in the farm and E-mail.

• Security Configuration Manage farm accounts, Single Sign On (SSO) farm wide security policies and global document management settings.

• Logging And Reporting Configure for use across the farm.

• Upgrade And Migration Manage server upgrades and adding new features to the farm. Also used to configure migration from Microsoft Content Manager Server.

• Global Configuration Many unique settings such as site collections links management and bringing the farm offline in a managed state (Quiesce). There is also alternate access mappings for multiple zone and URL support and managing deployed farm wide solutions packages.

• Backup Restore Managing all farm backup and restore jobs down including all Web applications and databases associated with the farm.

• Data Configuration Change the default database location and also configure data retrieval services.

• Content Deployment Configure the deployment of site collection content in the same farm or between farms to other site collections using multiple paths and scheduled jobs.

Some management tasks on the Operations page will be covered in other chapters in this book. This chapter covers e-mail configuration, security configuration, data configuration, and content deployment tasks.

Farm-Level Server Management

The Topology And Services section has five configuration options, and some of the options for managing servers in the farm and configuring services on the server can also be accessed via the Central Administration Home page, as described earlier in this chapter.

• Servers In Farm

• Services On Server

• Outgoing E-Mail Settings

• Incoming E-Mail Settings

• Approve/Reject Distribution Groups

Servers In Farm

The Servers In Farm page, shown in Figure 6-9, is a more advanced version of the Farm Topology view that you saw on the Central Administration Home page. On the Central Administration home page, you saw the services that were configured to run on the servers. On the Servers In Farm page in Operations you can also see the installed binaries version number and the option to the remove the server from the farm. Servers are sorted by server name on this page. In addition, this page is helpful if an administrator ever removes the Farm Topology Web Part on the Central Administration home page.

Figure 6-9: Additional options for servers in the farm

Note

If a Web Part has been removed from the Central Administation Home page, you can add it back as an administrator by going to Site Actions and Edit Page to add the Web Part back. If you do not see the Site Actions tab on the page, you do not have the necessary administrative rights on the page.

Important

If you select Remove Server for a server on this page, you are removing the server from the farm's configuration database. Once it is removed, it will not be available to provide any services to other farm servers or users. Therefore, it is important to have a backup of your farm and databases before proceeding with this option. See Chapter 30, "Microsoft Office SharePoint Server 2007 Disaster Recovery," for more information on backup and restore.

Services On Server

The Services On Server option takes you to the same configuration screen shown in Figure 6-7, where you can configure the services on the servers in the farm that you were able to access from the Farm Topology Web Part on the Central Administration Home page. The status of the services running is pulled from the configuration database. You will need to refresh this page to capture updates to services that have occurred since the page was initially rendered.

Outgoing E-Mail Settings

For any messages to be sent out of SharePoint Server 2007-such as alerts, notifications, and site invitations-you need to configure an SMTP server that will be responsible for routing the messages. This server can be any SMTP-compliant server, and you must be able to connect to this server using port 25 from the SharePoint Server 2007 server.

Note

Firewalls in between the SharePoint Server 2007 server and the mail server can cause outgoing mail to fail, so make sure that SMTP traffic is allowed through your firewalls.

When configuring the mail server settings, you can use different from and reply addresses for your mail so that you could, for example, have mail sent to recipients as Office SharePoint Server 2007@constoso.msft but have the reply address for the mail be spsadmin@contoso.msft.

Incoming E-Mail Settings

A new feature for SharePoint Server 2007 is the ability to allow e-mail messages to be routed directly to a list in a site and therefore have the actual .eml e-mail message appear in the list or library as well as any attachment it has. The process is very simple: you create a new list or library in a Team site and mail enable it. By doing this, you create a new contact in Active Directory using the SharePoint Directory Service and enable people to send mail to the contact's mail address. When an e-mail is sent to this address, it is routed to the configured drop folder on the SharePoint Server 2007 server. After it arrives in the drop folder, the message will wait until the SPTimer service next polls the folder. The SPTimer service then re-routes the mail into the list configured with that e-mail address in a site.

Setting Up Key Components

When setting up incoming e-mail, you need to configure several key components that allow this process to complete. To do this, follow these steps:

1. On the Web front-end server where you want to route mail, ensure the Simple Mail Transfer Protocol (SMTP) service is installed and running by opening the IIS management console in Administrative tools.

2. In Active Directory, create an organizational unit (OU) in which the new distribution or contacts will be created.

Important

The domain account configured to run the Central Administration Application Pool must have write access to the organizational unit created in Active Directory.

Configuring Incoming E-Mail Settings

Once you've completed the preparatory steps described above, the next thing you need to do is to configure your incoming e-mail settings using Central Administration (Figure 6-10). To do this, follow these steps:

1. Click Incoming E-Mail Settings on the Operations page under the Topology And Services section.

2. Select Yes to enable incoming e-mail in the Enable Incoming E-Mail section. Leave the Settings mode as Automatic.

3. Configure the SharePoint Directory Management (DirMan) service. There are several options for configuring the DirMan service. See Table 6-3 below for a detailed explanation for each option. (For more information about this service, see the "Collaboration and DirMan" sidebar.)

Table 6-3: Configuring the Directory Management Service
Open table as spreadsheet

Setting name	Choice description
Use The DirMan Service To Create Distribution Groups And Contacts	q   No - Allows you to use only the local SMTP service for mail delivery. No Objects are created in Active Directory. q   Yes - Requires that you define the container in the Active Directory where you wish the Contacts and Distribution Lists to be created. For example OU=SPContacts,DC=Contoso,DC=MSFT q   Remote - Lets you specify the DirMan Service URL on another farm to provide the connection to the Active Directory. For example, http://mossserver:portnumber/_vti_bin/sharepointEmailWS.asmx
SMTP Mail Server For Incoming Mail	Lets you specify the SharePoint Server where the SMTP service has been configured. The mail will be routed to this SMTP server for delivery to the list or library, for example moss2007.contoso.msft
Accept Messages From Authenticated Users Only	Used for reducing the amount of relayed junk mail that is received by the SMTP service.
Allow Creation Of Distribution Groups From SharePoint Sites	Selecting yes allows sites and site groups to be given their own distribution group and mail address in Active Directory. After selecting yes, you must choose what level auditing is required for creating and managing the objects in Active Directory. The four choices are q   creating a distribution group q   changing the group's e-mail address q   changing the title and description q   deleting the distribution group Once configured, an object will remain in the approval state awaiting approval. In order to approve an item follow these steps: On the Operations page click View All Site Content on the left hand quick launch bar. Click the List Call Distribution Lists. Select the item to approve or reject from the drop down arrow next to the item.
Incoming E-Mail Server Display Address	Lets you assign a friendly e-mail address name to the list (for example, contoso.msft). Every e-mail enabled list name will then include this mail address after the list name (for example, helpdesk@contoso.msft).
E-Mail Drop Folder (only available if you selected advanced settings mode)	Lets you define the folder where mail will be dropped by the local SMTP service to await pick up by the SPTimer and delivery to the list or library (for example, E:\spsmail\drop). If you selected Automatic mode the drop folder will be the SMTP service folder (by default, C:\Inetpub\mailroot\drop).

Figure 6-10: Configuring incoming e-mail

Collaboration and DirMan

The SharePoint Directory Management (DirMan) service provides a way for Windows SharePoint Services to mail-enable discussion groups and SharePoint groups. The reason this service has been created is because in the previous versions of SharePoint Products and Technologies, users were forced to choose between collaboration using e-mail and collaboration using team sites. With the advent of DirMan, you no longer need to make an exclusive choice.

In addition, most organizations have rich, mission-critical information encapsulated in e-mail messages. The DirMan service allows users to more fully integrate this rich information into the SharePoint collaboration process, while also allowing the content of the e-mail messages to be indexed and queried.

The DirMan service is installed as part of the Shared Services Provider (SSP) in SharePoint Server 2007. It is not a service that you'll see in either the Service page in Central Administration or the Services Control Panel for the operating system. Instead, it is a Simple Object Access Protocol (SOAP) service that is exposed when the SSP is created and configured, and it is called by Windows SharePoint Services to perform e-mail services. For the DirMan service to work properly, you must have installed Active Directory and Exchange Server 2000 or later. Because SSPs can be federated across farms, this topology flows through to the DirMan service.

Configuring Sites to Receive E-Mail

Now that you have configured the server side, you can go to your lists or libraries in SharePoint Server 2007 sites and configure them to receive mail and specify which e-mail address to receive mail items from. To configure these settings, follow these steps:

1. Open any site such as a custom site named Helpdesk that you created for your organization.

2. Click Shared Documents in the quick launch section of the page.

3. Click Settings and select Document Library Settings.

4. Select Incoming E-Mail Settings under Communications to open the Change E-Mail Settings page shown in Figure 6-11.

   You now have several options to configure for the incoming e-mail:

   q	Incoming E-Mail Select Yes to enable e-mail on the library, and choose the e-mail address you want to give the library.
   q	E-Mail Attachments Choose how you want mail attachments to be grouped when received in the library. The default is to save all attachments in the root of the folder.
   q	E-Mail Message Choose Yes to have the original .eml mail message saved in the document library as an attachment.
   q	E-Mail Meeting Invitations Choose Yes if you want this library to receive and show meeting request e-mail messages.
   q	E-Mail Security Select the level of security on the document library to determine who can actually add items. By default, only senders who have write access to the library will be able to send mail items to that address; however, you can change this setting to allow all senders of mail to populate the library.

Figure 6-11: Configuring the document library to receive e-mail

After completing the e-mail settings process, a contact is created in the specified OU in Active Directory using the directory service manager. If you want to add more e-mail addresses to that contact to support external mail addresses, for example, you can use the Active Directory management tool for users and computers and add more e-mail smtp addresses.

Real World Using Incoming E-mail

As a real-world example of the process detailed in this section, suppose that you have created a document library in an SharePoint Server 2007 site called helpdesk. You have enabled the incoming e-mail settings and assigned an e-mail address to the list in the SharePoint Server 2007 site-for example, helpdesk@contoso.msft. A contact is created in the Active Directory OU using the directory management service, and you can now have the e-mail messages sent to the e-mail address of helpdesk@contoso.msft. The messages are then sent to the drop folder configured on the SharePoint Server 2007 incoming mail server. The SPTimer service picks up that mail, and it puts the mail itself into the helpdesk document library. You can now set up a workflow on the document library and a notification mechanism so that the helpdesk query can be processed by the right helpdesk member.

Security Configuration

SharePoint Server 2007 includes several security options that enable global configuration for better control of security. Start with the Security Configuration section of the Operations page (shown in Figure 6-8) to configure security. Changes to many of the options in this management section will have a global effect on all SharePoint Server 2007 servers in the farm, so it is important to understand the available options:

• Service Accounts

• Information Rights Management

• Antivirus

• Blocked File Types

• Update farm Administrator's Group

• Information Management Policy Configuration

• Manage Setting For Single Sign-On

Service Accounts

When SharePoint Server 2007 needs to communicate with other applications, it will use the service accounts you configured here. There are three Windows service accounts that can be configured:

• Conversions launcher service

• SSO administration service

• Conversion load-balancer service

In addition to these Windows services, you can configure the accounts used by the various Web application pools that you create for hosting the shared service providers and site collections. If you choose to change the service accounts configured here, you also need to make sure the new service account name and password have access to the relevant databases that were configured when setting up the actual Web applications. The minimum rights required are Read and Modify database rights.

Information Rights Management

Security is always on the mind of system administrators and management alike. Even though SharePoint Server 2007 has file security built into the document libraries, you still might need an additional layer of protection in terms of privacy. Information Rights Management (IRM) is built on top of a certificate-based infrastructure, and it allows users to restrict access to a document not just by name but also by their certificate. Information rights management requires both client-based and server-based add-on software to work, and there are additional client access licence (CAL) costs involved.

The difference between IRM and security is important to understand. Security has as its focus regulating who can see which content. IRM has as its focus what can be done with the content when it is accessed by the user. Some have used the terms "security" and "privacy" to differentiate between the two, with privacy being the feature offered by IRM. Those who work extensively in the security field don't like the privacy term, but nevertheless, they are good terms to help you remember the difference between security and IRM.

More Info

See the online documentation at http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx.

Antivirus

Before you can enable antivirus settings, the required antivirus software needs to be installed on the SharePoint Server 2007 server. Antivirus software does not come with SharePoint Server 2007, so you need to purchase an SharePoint Server 2007-specific antivirus package. After the software is installed, go to the e-mail settings and enable the level of scanning that you want. You can choose from the following four options:

• Scan Documents On Upload

• Scan Documents On Download

• Allow Users To Download Infected Documents

• Attempt To Clean Infected Documents

More Info

Microsoft has an antivirus solution called Microsoft Antigen for SharePoint, available at http://www.microsoft.com/antigen/default.mspx.

Blocked File Types

Any files trying to be uploaded into SharePoint Server 2007 with the file extensions listed here will be automatically blocked. You can modify this list with new extensions or remove any of the default extensions.

This list will apply not only to the uploading of documents, but also to extension changes of documents once they are in the list. For example, by default, .exe documents are blocked. If you zip up an .exe file, upload it with a .zip extension, and then try to unzip it in the document library, you'll find that the document will not extract because SharePoint will block the hosting of any document with an .exe extension. To configure blocked file type, follow these steps:

1. Go to Central Administration.

2. Click the Operations page.

3. Click Blocked File Types under the Security Configuration section.

4. Scroll to the bottom of the list and add your new file extension by typing in the box, for example zip.

5. Click OK.

Update Farm Administrator's Group

This option allows you to add users or groups to become administrators in the SharePoint Server 2007 farm and to remove users or groups from the list of administrators in the farm. You should always use an Active Directory security group because it enables you to swap out users in a group without affecting security in SharePoint. To add a new administrator, follow these steps:

1. Go to Central Administration.

2. Click the Operations page.

3. Click Update Farm Administrator's Group under the Security Configuration section.

4. Click New.

5. Add the new user or group account account, for example CONTOSO\SPSADMINS

6. Click OK.

Note

Being an administrator in SharePoint Server 2007 does not give the user the right to create Web applications in IIS; that still requires local administrator rights on the server.

Information Management Policy Configuration

Policies are a new feature in SharePoint Server 2007. You can configure four farm-level policies that are available for lists, libraries, and content types used throughout the farm. Table 6-4 describes these default policies. By default, all policies are enabled and available throughout the farm.

Table 6-4: Information Management Policies
Open table as spreadsheet

Policy name	Policy description
Labels	Gives users the ability to view and add metadata labels in a document. These labels can be printed along with the document, and they can also be a searchable attribute.
Auditing	Allows list and libraries to audit users' actions, such as modify and delete, that take place within the list or library.
Expiration	Assigns an expiration setting to content, possibly through a workflow for archiving.
Bar Codes	Allows unique bar codes to be inserted in documents that can then be printed with the document or searched for.

With policies such as auditing, it is a case of enable or disable, but for the expiration policy there several settings that can be configured including a manual launch of the process. To configure the expiration policy, follow these steps:

1. Go to Central Administration.

2. Click the Operations page.

3. Click Information Management Policy Configuration under the Security Configuration section.

4. Click Expiration.

5. Change the schedule to weekly and choose a day and time.

6. If you wish to run a manual process cleanup of expired content click Process Expired Items Now.

7. Click Save.

Manage Settings for Single Sign-On

If you plan to use the Single Sign-On (SSO) service, you need to configure certain farmwide settings first. The Single Sign-On service is a user credential mapping service that enables a user to access Office SharePoint Server 2007 sites using one account and also get access to, say, his Service Advertising Protocol (SAP) account without continuously providing another set of credentials. Before you can configure the Single Sign-On, you must ensure that the Single Sign-On service has been started on the server-use the Services console in Administration tools to start this service, and change the Startup type for the service from Manual to Automatic.

Note

You must configure the Single Sign-On service account with a domain user account that has Create and Modify database permissions, because the service account will be used in the creation of the single sign-on database and in communications with it. The service account is configured on the logon tab in the properties of the Single Sign-On service accessible through the services console in the Administration tools.

Once the service has been started, you need to configure the server settings for single sign-on before you can manage the other options. Here you will configure the account used for single sign-on and also the name and location for the single sign-on database, see Figure 6-12. When these tasks have been completed, you can finish the configuration by setting the encryption level and enterprise definitions that determine how the Single Sign-On service will log on and authenticate users with various applications. To configure the server settings, follow these steps:

1. Go to Central Administration.

2. Click the Operations page.

3. Click Manage Settings For Single Sign-On under the Security Configuration section.

4. Click Manage Server Settings.

5. Configure the following settings on the Manage Server Settings for Single Sign-On page.

   1. Single Sign-On Administrator AccountMust be a domain user or group account from the same domain where the single sign-on service account is from.

   2. Enterprise Application and Definition Administrator AccountMust be a user or group account from the same domain wher the single sign-on service account is from.

   3. Database SettingsDefine the location of the database server and also the name for the SSO database.

   4. Time Out SettingsDefine time out in minutes for SSO connection sessions and also number of days that the SSO audit logs are kept for.

6. Click OK.

Figure 6-12: Configuring the Single Sign-On service

You can now proceed to configure the encryption key if required and also the application definitions that have been applied to the SSO service.

More Info

To learn more about the architecture of SSO and pluggable authentication, refer back to Chapter 2, "Architecture for Microsoft Office SharePoint Server 2007."

Logging and Reporting

When troubleshooting or information gathering, you should always have as many logs and listed events as possible to track down problems or trends over time. The Logging And Reporting section on the Operations page (shown in Figure 6-8) has several features that you can enable to help with the information gathering process:

• Diagnostic Logging This feature sets the thresholds at which SharePoint Server 2007 will log and report errors as they occur for certain types of user activity. If you do not want to receive a lot of alerts for a certain type of event, you can set the trigger to send an event to the event log to Error rather than Warning, as shown in Figure 6-13. By doing this, fewer entries would be submitted. If you need to monitor activity in maximum detail, set the logging method to Verbose, which captures everything. Do not leave the Verbose setting turned on permanently because this will have a detrimental effect on performance.

• Usage Analysis Processing This useful reporting tool for site administrators gets information on what is happening with their site. Before a site administrator can view the usage reports, you must enable it here. Choose the location and quantity of the log files created and also the time of day to generate them.

• Server Event Logs You can use the Server Event Logs interface to view the error events generated from the Diagnostic Logging settings. You can also use Event Viewer via the administrator tools.

• Information Managment Policy Usage Reports Earlier in this chapter, we looked at configuring information management policies such as auditing or expiration. You can create reports on this information by using the information management policy usage reports. By default the report will use the default reporting template for the reports or you can direct your reports to a customized report template created for you using the templates URL address.

Figure 6-13: Setting the backup job to send only error events to the log

To set up Policy Usage Reports, follow these steps.

1. Go to Central Administration.

2. Click the Operations page.

3. Click Information Management Policy Usage Reports under the Logging And Reporting section.

4. In the Web Application section, select a Web application from the drop down menu to run the reports for.

5. In the Schedule Recurring Reports section, either specify the time and occurence that the reports are generated or force a manual creation of the report by clicking the Create Reports Now button.

6. Specify the Report File Location using the URL to the site collection to host the reports.

   Note

   You can use URL \ to send the reports to the root of the site collection or you could send the report directly to a reports list on the reports page by using the URL /Reports/ReportsLibrary/. The new report will be generated in this list using an XML file format.

7. In the Report Template section, use the default template for the reports or select a URL pointing to a customized report template.

8. Click OK.

Upgrade and Migration

Use the Upgrade And Migration options on the Operations page (shown in Figure 6-8) for managing your farm migration and upgrade from SharePoint Portal Server 2003 and Content Management Server 2002. You can see the various stages of the upgrade process as well as finalize the upgrade when all servers are on SharePoint Server 2007. You can also enable additional services on your SharePoint Server 2007 farm by enabling premium features. See Chapter 23, "Upgrading from Microsoft Windows SharePoint Services 2.0," and Chapter 24, "Microsoft SharePoint Portal Server 2003."

Global Configuration

The Global Configuration options on the Operations page (shown in Figure 6-9) can be grouped into common tasks for management.

Job Service

The options available under Job Service are:

• Timer Job Status Provides a quick view of all jobs running on the farm. The jobs displayed are taken from the Timer Job Definitions page.

• Timer Job Definitions Enables you to view currently configured job definitions that can be disabled and in some cases deleted. For example, you may run a backup job that fails and the only way to run a new job is to delete the current running Backup/Restore Job definition.

Site Management

The options available for Site Management are:

• Master Site Directory Settings When users create new sites in the sites directory, you can configure categories for the sites to belong to. These categories enable users to find sites by a logical grouping on the site directory home page. The Master Site Directory Settings page allows Administrators to specify the URL of the site directory and also the choice to make all new sites created by users belong to at least one or all site catagories. Making these categories mandatory ensures that sites belong to at least one category grouping.

• Site Directory Links Scan Runs a scan and checks known site URLs for site dead links that either do not exist or have moved in the site directory. As users create, delete and move sites it is possible that links in the site directory will not reflect the correct URL to the site as when a site URL changes the site directory does not change dynamically to reflect this change. Choosing to update site properties will auto-correct the dead links in the site directory to reflect the new or deleted URL's of the site links.

Farm Settings

The options available for Farm Settings are:

• Alternate Access Mappings Alternate Access Mappings (AAM) allows administrators to add and manage URL namespaces and associate those URL's with a Web application and its content databases. The AAM also manage the zones for the incoming requests. There are five Zones available for defining where the URL mapping is coming in from or going out to.

  q	Default
  q	Intranet
  q	Internet
  q	Custom
  q	Extranet

  For example, A new Web application is created that extend and maps to an existing site collection. This new web application has Anonymous authentication and will be used for internet users accessing the published site. The AAM is configured with a new Public URL using the Internet URL namespace using the Internet zone and also an Internal URL specifying the internal namespace for the site collection. SharePoint Server 2007 will return requests to the user with the correct URL based on them coming from the internal or internet namespace, including alerts and search results.

• Quiesce Farm Stops the farm from accepting new user connections and gradually brings any long-running applications offline without causing data loss. There are three stages of Quiescing:

  q	Normal Active state handling all requests.
  q	Quiescing The farm only handles existing requests but denies new requests.
  q	Quiesced The farm does not allow any new sessions to start.

• Manage Farm Features Allows you to deactivate or activate features on your farm, such as deactivating the Excel Services feature or spell checking. Once deactivated, the feature will not be available to any site collections in the farm. Additional features can also be managed here that have been added manually, such as third-party add-ons. By default, all features for the farm are active.

• Solution Management A grouping of SharePoint components that can be registered in the Solution Store and then deployed to the Web servers for use in the site collections. The components that can make up a solution can include one or more of the following:

  q	Feature Definitions
  q	Site Definitions
  q	Web Part Package

  This enables developers and administrators to centrally manage and deploy complete customized packages across the farm from a single page. The contents of the solution can be sent to a specific virtual server and also deployed to the Bin or GAC on the servers receiving the package. Solutions are deployed using the Solutions Management page. Once a solution is available for deployment, it enables administrators to send the same solutions to new Web servers when they get added to the farm. Solutions are added to the management page using the stsadm-addsolution command.

Backup and Restore

Disastor recovery should always be right near the top on any administrators to-do list. The Backup And Restore options on the Operations page (shown in Figure 6-8) are for farmwide jobs that can also include Web application and site-collection backups. You can also view the backup jobs in this location and their associated job status.

More Info

See Chapter 30 for more information on configuring Backup And Restore options.

Data Configuration

Use the Data Configuration options on the Operations page (shown in Figure 6-8) to identify the default database server and data retrieval service.

• Default Database Server The SQL server configured here is the default location where all new content databases will be created by default. However, when you create a new Web application on the Application Management page, you can specify a database server other than the default.

  More Info

  See Chapter 7 for more information on creating and managing Web applications.

• Data Retrieval Service Data retrieval services are XML Web services that return XML data from various data sources such as an SQL database. For example, Web Parts can use the data retrieval service to query the data source to return data in a list. When any connections in SharePoint Server 2007 require the use of data services such as SOAP, OLEDB, XML-URL, and Windows SharePoint Services, the data retrieval services must be enabled. By default, the Data Retrieval service is enabled but OLEDB update query support is not, so if you have any data connections requiring this function, make sure that you enable the Data Retrieval services first. The services can be set on a global basis affecting all Web applications or on a perWeb application basis.

Tip

If the data retrieval service is trying to connect to a remote SQL server that is configured to use Windows authentication, then you should configure all the servers and clients involved in the process with Kerberos authentication. This includes the client sending the request, the server initiating the service request (SharePoint server), and also the remote SQL server receiving the request.

Content Deployment

In SharePoint Server 2007, content deployment is a feature of Web Content Management (WCM), which allows multifarm topologies for deploying content from sites or site collections to remote sites or site collections. The ability to transfer content in this manner can, for example, be used in a staging environment where you have an authoring environment that then needs to go to a staging environment and finally on to a production environment.

Note

Content Deployment paths are only one way. You create a source and a destination.

This flexibility of content deployment can be used in both intranet sites as well as Internet-facing sites. Because the content is being deployed from site collection to site collection, it can be used between sites on the same server as well as by sites on completely different farms. Having multiple farms might well be a setup configuration you will have in an Internet-facing scenario for Web page hosting, where the other farms could be living in a screened subnet, for example. Use the Content Deployment options on the Operations page (shown in Figure 6-8) to set up this feature.

With content deployment, you push the content one way, so this is not a two-way synchronization tool. You configure a path and job that define a source site or site collection and also a destination site or site collection that the content will be pushed to. The site collections can be in the same farm or different farms. You can push content via a schedule and specify only content that has changed since the last deployment. To set up content deployment, you need to configure two primary sections on the Operations page in Central Administration.

Content Deployment Settings

Before you can create deployment jobs and paths, you must first enable the import and export feature in the farm to allow deployment jobs to be both sent and received by servers in the farm. In the Content Deployment settings page, as shown in Figure 6-14, there are six settings that need configuring. Follow these steps to configure the settings:

1. Go to Central Administration.

2. Click the Operations page.

3. Click Content Deployment Settings under the Content Deployment section.

4. On the Content Deployment Settings page complete the following sections:

   q	Accept Content Deployment Jobs Needs to be enabled for the farm to receive any incoming jobs
   q	Import Server The server chosen will require enough disk space for all incoming content and must also be a server that has an administration Web application for the farm.
   q	Export Server The server chosen will send all outgoing jobs and will require enough disk space for the content and must also be an administration Web application for the farm
   q	Connection Security Defines whether to use https for encrypting the traffic between source and destination farms. By default it is enabled, if you decide to use only http then the username and password of the authenticating account between farms will be sent in clear text.
   q	Temporary Files The location where all content deployment files will be stored. This folder location must have sufficient free disk space for all possible deployment content.
   q	Reporting Specify how many reports you wish to keep until the first one is overwritten. By default 20 report jobs are kept.

Figure 6-14: Configuring content deployment settings

Note

Make sure you have plenty of disk space on the temporary storage location folder, because some deployment jobs could be very large in size if the deployed site has large amounts of content in its lists and libraries.

Reports can also be created to follow the progress of the jobs as they transfer between the site collections.

Content Deployment of Paths and Jobs

After a farm is enabled to accept incoming jobs, you can create the path between the sites and specify the jobs that use those paths. A path in content deployment is a relationship between two specific site collections that must be configured. The path must also specify the authentication method to use when connecting the site collections. To accomplish this, follow these steps:

1. Go to Central Administration.

2. Click the Operations page.

3. Click Content Deployment Paths And Jobs under the Content Deployment section.

4. On the Manage Content Deployment Paths And Jobs page, click New Path (see Figure 6-15).

5. On the Create Content Deployment Path page, complete the following sections on the page:

   1. Type a name and description.

   2. In the Source Web Application And Site Collection section, select a source Web application and then choose a site collection or a site from the drop-down arrows.

   3. In the Destination Central Administration Web Application section, specify the URL of the destination Central Administration site that will receive the incoming deployment jobs. Ensure this has been enabled for receiving incoming deployment jobs in the Content Deployment Settings page.

   4. In the Authentication Information section, decide how the authentication will be handled when connecting to the destination server. You can either use the application pool account or specifiy a unique account. You must also connect to the remote Central Administration site that you just configured before you can specify the destination site.

   5. In the Destination Web Application And Site Collection section, specify the destination Web application and then choose the site collection or site to send the deployed content to.

   6. In the User Names section, select whether to deploy user names with the deployed content.

      Note

      Deploying a user name could be useful in a situation of publishing blog entries but would not be useful if it was published content for an Internet facing site where the financial manager had added some yearly financial figures for the site.

   7. In the Security Information section, decide if you want to send any security information such as roles or memberships along with the content.

      Note

      If you were sending content to a screened subnet in another farm in a different Active Directory forest, for example, there would be no benefit to sending the security information as the destination farm would be handling its own membership and role structure for access to the published content.

6. Click OK to complete the page.

Figure 6-15: Creating a new Content Deployment path

After a path is defined, multiple jobs can be associated with the path to use the relationship between site collections. You can set up the jobs you create to deploy only certain sites in the site collection, and you can also choose a schedule for when the job will run. To accomplish this, do the following:

1. Go to Central Administration.

2. Click the Operations page.

3. Click Content Deployment Paths And Jobs under the Content Deployment section.

4. On the Manage Content Deployment Paths And Jobs page, click New Job (see Figure 6-16).

5. On the Create Content Deployment Job page, complete the following sections on the page:

   1. In the Name And Description section, type a name and description.

   2. In the Path section, select a path to use for the job. A job can be associated with only one path.

   3. In the Scope section, select a scope that is either the root of the site collection to be deployed or a specific site within the site collection. If you select the root of the site collection, all sites and content in the site collection will be deployed to the destination.

   4. In the Frequency section, select a schedule for when the job should run. You have many options for the frequency of the job timings. If you want to just run it once, there is no need to configure a schedule.

   5. In the Deployment Options section, select if you want to deploy all the content every time the job runs or just deploy the changes to the content since the job last ran. For regularly scheduled jobs, you should deploy the changes only.

   6. In the Notification section, select how notifications are sent for job success or failure and which e-mail address will receive the notification.

6. Click OK to complete the page.

Figure 6-16: Creating a new Content Deployment Job