The
deployment stages for SharePoint 2013 include preparation, installation, and
configuration of your
SharePoint 2013 farm.
1.
Accounts
Required for SharePoint 2013 Installation
·
SharePoint,
SQL Server, and Active Directory
SharePoint has close
relationships with and dependencies on Microsoft SQL Server and Active
Directory.
Active Directory
provides identity and authentication services. In other words, it stores user
accounts (user names and passwords) and validates account logons. These
services support users logging on to SharePoint sites. They also support the
accounts used by SharePoint and SQL services themselves.
SQL Server stores almost
all of the configuration and content of a SharePoint farm. SQL Server services,
like all Windows services, run using an identity. SharePoint services also run
with Active Directory credentials. The credentials are used by SharePoint to access
data in SQL Server. These accounts must have SQL logins so that SQL can
authorize the access.
These SQL logins are
created automatically by SharePoint during setup and the creation of web applications.
·
Service
and administrative accounts
Before installing
SharePoint, you must ensure that there are appropriate accounts, logins, and
permissions to support the interdependencies between SharePoint, SQL Server,
Active Directory, and the SharePoint server itself.
·
SQL
Server service account
SQL Server services use
identities, or accounts. Like most Windows services, you can use a special
identity such as System, Network Service, or Local Service, but it is a highly
recommended best practice to use a domain user account. If SQL Server is
installed on a different computer to where SharePoint is installed, it is
required to use a domain account.
·
Setup
user account
The setup user account
is used by a human being to install and configure SharePoint. During setup and configuration,
SharePoint creates SQL databases and logins, and modifies the server itself
(for example, creating local groups). SharePoint setup and configuration uses
the credentials of the setup user account to perform such tasks, so it must be
a securityadmin and dbcreator on the SQL Server, and it must be amember of the
local Administrators group. It must also be a member of the db_owner fixed
database role on any databases affected by any Windows PowerShell cmdlets that
you run.
The only SQL login that
you must manually create is the login for the setup user account, which
actually performs the initial setup of the farm.
·
Server
farm account
During installation and
configuration, the setup user account assigns an account to the SharePoint
farm, which is the service account representing the SharePoint farm.
The server farm account
is also referred to as the database access account and is used by SharePoint to
configure and manage the server farm. It is also the identity used by the
Central Administration site’s application pool, and the identity used by the
Timer service.
The SharePoint Products
Configuration Wizard automatically assigns the account the permissions it
needs.
The server farm account
is automatically added as a SQL Server login on the computer that runs SQL
Server. The account is
added to the following SQL Server security roles:
ü dbcreator
fixed server role
ü securityadmin
fixed server role
ü db_owner
fixed database role for all SharePoint databases in the server farm
·
Application
pool accounts
Each web application
runs in an application pool. The application pool identity is a domain user
account
That is functionally
equivalent to a service account, with permissions to access the content
database for
the web application on
the SQL Server.
Service applications,
such as Search, are also web applications. Therefore, they also run in an
application
pool with a domain user
identity.
Web and service
application pool accounts are automatically granted the permissions they need
during
the provisioning of the
application.
Next Post: Installing SharePoint 2013 Prerequisites
No comments:
Post a Comment