Sharepoint Web / Service Application / Pools for Security and Isolation Concerns
https://sharepoint.stackexchange.com/questions/111349
-
29-09-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have multi part question in regards to setting up the topology for my company and am curious about best practices.
We are creating a SharePoint farm that will be used by different divisions in the company and we require isolation between the divisions.
We have let's call them Division1, Division2 and Division3 all to setup each needing to be separated from each other. Here are some of the questions and concerns i have:
- What i was wondering about is do i setup a different web application for each? or do i setup more generic web application and separate them with site collections? for example internet.domain.com, intranet.domain.com, my.domain.com or do i setup division1.domain.com, division2.domain.com to reach the isolation we require?
- If i do use the more generic web applications approach what is the best practice for separating search and metadata? Is setting up partitioning for each service the better way to go in this scenario?
- Do i setup a different application pool for each web application? Do i setup a different service application per service? or used a shared app / service pool? What are the advantages of each?
** I should note my sharepoint farm is on the same domain as all the different divisions.
I have done some research and am getting conflicting information on these points which is why i thought i would ask these questions here.
Solution
As per my experince
- I think you will be fine with one site collection for each department. No one from divsion1 site collection can access division 2 site unless you grant permission(this is also true for Web Application). Normaly you can create managed path site collections but if you need a FQDN for each site collection then you can use the HNSC.
But here is question, will any of department using any custom solution(farm level) then may be seprate web application will be the only option.
2- I dont see any issue if you have one search services and metadata services for all web application, because it is depend upon permissions and you setting. Multiple instance of the a services application mean more load on server.
3- One thing, there are limit of number of app pool on a given farm which is 10 app pools(as per MSFT limit). you can use separate app pool for each web app but it will cost in term of resource, each app pool required set of process in order to work. If you decide to go different web app then i would go for one app pool for all web application. let services run under there own app pool.
At the end you have to decide after analyzing your farm hardware, number of server, number of users etc, which design is good. but i would go for site collections approach if no farm level solutions required.
