Question

I have 3 servers

  • WFE server
  • Application Server
  • Database Server

I am using Windows 2008 R2 and SQL server 2008

Assuming SQL Server 2008 is installed with a service account, e.g. SQL_service, can someone suggest if the following are the best practices:

  1. Plan for the ports to be opened between

    • App to Database server
    • WFE to Database server
    • APP and WFE

  2. Plan the service applications, in my case

    • Managed Metadata Service application
    • Business Service application
    • Search Service application
    • User Profile

  3. Service accounts for SharePoint

    • Spfarm - for the farm configuration and
    • sp_admin - for the administration purposes
    • spmmc - managed metadata
    • spbcs - for business connectivity services
    • spuser - for user profile with replicate directory changes permission

  4. Install prerequisites for SharePoint

  5. Install SharePoint binaries

Should we log in on the APP server as the spadmin account or the spfarm account to install the prerequisites, the SharePoint binaries, and the configuration of the service applications?

Is it a good practice to create service accounts for all the service applications, as we would end up creating separate application pools for each of them, instead of having one service account? E.g. spservices for all the service applications - this would only create one application pool for all the service applications except for user profiles.


Solution

I saw this question a little late. I think you are already done with it, but I am sharing my experience here.

  • To install the prerequisites and SharePoint bits, use an account which is local admin on the server (we used the install account); this account will do the future updates as well. So in your case the SPfarm account.
  • When you run the PSConfig wizard it will ask for the farm admin account (which in your case, I guess, is SP_Admin).
  • If you need foolproof security and total separation of duties, then use a separate account for each service app.
  • We use a single service account for all service applications' app pools but create a separate app pool for each service app. So one account for all app pools, but each service app has its own app pool.
  • Don't mix the web app's app pool account with the service applications' app pool IDs.

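
The layout the answer describes (one service identity, a separate application pool per service application, and web application pools kept on a different identity) can be scripted and then checked from the SharePoint Management Shell. The following is an added example, not the answerer's own script; the domain name CONTOSO, the account spservices and the database names are assumptions chosen for illustration.

```powershell
# Added example: one managed account for all service application pools, one pool
# per service application, then a check that no web application shares that identity.
# Assumptions: domain CONTOSO, account spservices, constructed database names.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$svcAccount = "CONTOSO\spservices"   # single identity for all service app pools

# Register the account with the farm once (prompts for its password).
if (-not (Get-SPManagedAccount -Identity $svcAccount -ErrorAction SilentlyContinue)) {
    New-SPManagedAccount -Credential (Get-Credential $svcAccount) | Out-Null
}
$managed = Get-SPManagedAccount -Identity $svcAccount

# A separate application pool for each service application, all running as $svcAccount.
$pools = @{}
foreach ($name in "MMS_AppPool", "BCS_AppPool") {
    $pools[$name] = Get-SPServiceApplicationPool -Identity $name -ErrorAction SilentlyContinue
    if (-not $pools[$name]) {
        $pools[$name] = New-SPServiceApplicationPool -Name $name -Account $managed
    }
}

# Bind each service application to its own pool (database names are constructed).
New-SPMetadataServiceApplication -Name "Managed Metadata Service" `
    -ApplicationPool $pools["MMS_AppPool"] -DatabaseName "SP_MMS_DB" | Out-Null
New-SPBusinessDataCatalogServiceApplication -Name "Business Data Connectivity Service" `
    -ApplicationPool $pools["BCS_AppPool"] -DatabaseName "SP_BCS_DB" | Out-Null

# Check: a web application pool must not run under a service application pool identity.
$serviceIds = Get-SPServiceApplicationPool | ForEach-Object { $_.ProcessAccountName.ToLower() }
foreach ($web in Get-SPWebApplication -IncludeCentralAdministration) {
    $id = $web.ApplicationPool.Username.ToLower()
    if ($serviceIds -contains $id) {
        Write-Warning "$($web.DisplayName) runs as $id, which is also a service application pool identity."
    }
}
```

The final loop is the part worth re-running after any later change, since it flags exactly the mixing of web and service pool identities the answer advises against.
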
Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange