Service Applications
❘
7
FIGURE 13
SERVICE APPLICATIONS
Another exciting addition to SharePoint is Service Applications. If you have used MOSS 2007, then
you may be familiar with its Shared Service Provider (SSP) architecture. The SSP was a central ser-
vice that shared common resources with one or many web applications. This enabled SharePoint
to do one crawl, for instance, but provide the search functionality to all the web applications in the
farm without duplicating effort. The SharePoint 2007 SSP was an all-or-nothing affair. Your web
app could only be associated with a single SSP, consuming all SSP services; and it was difficult, if
not impossible, to delegate authority over different parts of the SSP.
Service Applications represent the evolution of the SSP. The SSP model had some pretty common
pain points, which the change to Service Applications addresses. In SharePoint 2010, all the Service
Applications are separate. Examples of Service Applications include Search, Profile Import, Business
Data Catalog and Managed Metadata. This means they can be turned on and off as needed, enabling
you to pick and choose only the ones you are actually using. This saves resources and reduces the
attack vector. Service Applications can also be given their own permissions. This enables you to
8
❘
CHAPTER 1 What’s NeW iN sharePoiNt 2010
give one user the capability to manage Search without that user being able to do anything with the
Managed Metadata Service.
Central Administration is security trimmed, so Service Application administrators will only see the
Service Applications to which they have access. As an added bonus, Service Applications are avail-
able in all versions of the product. Windows SharePoint Services 3.0 did not have SSPs. They were
only in the Search Server and MOSS SKUs of SharePoint 2007. In SharePoint 2010, all versions of
the product benefit from Service Applications, though different versions will have different Service
Applications available.
Chapter 7 covers Service Applications thoroughly. Jump on over there to see which Service
Applications come with SharePoint 2010 and how to configure and manage them.

WINDOWS IDENTITY FOUNDATION AND CLAIMS
It’s a complicated world we live in. We all have to access many different websites, and in most cases
each one requires a different username and password. What’s worse is there is no way for them to
know about each other and keep your information synchronized. If only there was a way to use one
identity over many resources, or a way for many authentication sources to be used in one SharePoint
farm. Good news; now there is.
SharePoint 2010 supports claims-based authentication, which is a powerful and flexible authentica-
tion model. Claims-based authentication works with a variety of identity systems, such as Active
Directory, LDAP directories, and even LiveID. The glue that holds this all together is a product set
known as Windows Identity Foundation, which enables users to have identities in different reposito-
ries and use them simultaneously to access different resources in SharePoint.
Each user gets a token from each repository that contains claims about that user. This is a step beyond
just proving identity, or authentication, as we’re accustomed to with SharePoint 2007. A user’s token
can also contain claims about the user. Think of it as user metadata. This might be the user’s man-
ager, birthday, location, and so on. One of the advantages of using claims is its support for federation.
That means if the appropriate trusts are put into place, companies can trust each other’s authentica-
tion providers and use their own credentials to log into another’s SharePoint farm.
Sound complicated? Well, it is. Fortunately, we devote an entire chapter, Chapter 9, to explaining
claims-based authentication and how to use it with SharePoint 2010.
HEALTH AND MONITORING
Installing SharePoint 2010 or upgrading your current SharePoint 2007 farm to SharePoint 2010 is
only half the battle. Keeping it running is the tough part. SharePoint 2010 includes a lot of function-
ality, which means a lot of moving parts. Like any good machine, someone has to keep an eye on
all these parts to ensure that they’re working; and when they’re not working, be able to figure out
why. SharePoint 2010 introduces several ways for administrators to keep an eye on how SharePoint
is running, as well as ways for SharePoint to proactively keep an eye on itself, and in some cases fix
itself if something is wrong.
Health and Monitoring
❘
9

Health and Monitoring has been given so much focus in SharePoint 2010 that it has its own head-
ing in Central Administration. The left navigation pane in Central Administration has a Monitoring
link that exposes all the new options available (see Figure 1-4).
FIGURE 14
Health Analyzer
The first option under the Monitoring heading is the Health Analyzer. This amazing piece of soft-
ware is one way that SharePoint monitors itself. Out of the box, SharePoint Server comes with
52 definitions of behaviors that it knows can go wrong with a SharePoint server, like the C drive
running out of space. Each of these 52 situations is written into a rule, and periodically SharePoint
reviews these rules to determine whether SharePoint is in trouble. If any rules are triggered, an
administrator can be alerted, and in some cases, such as heavily fragmented database indexes,
SharePoint can just take care of the problem itself. Click the “Review problems and solutions” link
to see what problems SharePoint has found with itself if you haven’t been alerted. The rule set is
extensible, so new rules may appear in service packs or patches, and independent software vendors
are able to write rules as well.
10
❘
CHAPTER 1 What’s NeW iN sharePoiNt 2010
Timer Jobs
The capability for monitoring Timer Jobs was weak in SharePoint 2007 but it has also been sub-
stantially upgraded in SharePoint 2010, and you now have more granular control over the Timer
Jobs. By clicking a definition, you can alter its schedule or disable it completely. You also now have
the capability to run a Timer Job as a one-off when needed, without interrupting or changing the
existing schedule. This is invaluable when it comes to troubleshooting. A new Timer Job Status
page gives you real-time status information about running Timer Jobs. This page lets you see at a
quick glance which Timer Jobs will be running next, which Timer Jobs are currently running, and
the Timer Job history. If you want to drill down to any of areas, each has its own dedicated page
as well.
Reporting
The final tab in the Monitoring section is Reporting. From this tab you can look back and see what

SharePoint has been up to. A variety of reports are available here; there’s something for everybody.
It’s your one-stop shop for SharePoint reporting. The first link is for Administrative reports. For
example, a folder for Search reports enables you to see search metrics such as how long queries take,
how long crawls take, and so on. This enables you to see potential problems with your environment
before your end users start complaining about them. Another great aspect of the administrative
reports is that they are extensible. They are stored in a document library, so you can upload reports
of your own.
Another piece on the reporting page is the configuration for SharePoint’s diagnostic logging. Here
you can set diagnostic levels and the location and number of log files that are created. You can also
enable a new feature called Event Flood Protection, which keeps your log files from being flooded
with rapidly occurring errors, instead dropping them after a few instances and then periodically
writing events to the log to let you know the error is still occurring. This option makes the log files
much easier to read and saves space as well.
Another set of reports you can use to keep an eye on your farm are the health reports. These reports
surface the slowest pages in a web app, or on a server. Again, this enables you to be proactive by
finding the problem pages in your farm before your end users get around to letting you know about
them. Speaking of end users, those same health reports can tell you who your most active users are
as well. If you want the full array of usage reports for your web app, those are there too, under Web
Analytics Reports. These reports show you daily hits, referrers, and other metrics about your web
app. These are similar to the usage reports at the site collection level in SharePoint 2007.
This is just the tip of the monitoring iceberg. If you want to read about SharePoint 2010 monitoring
in stunning Technicolor, turn to Chapter 15.
MANAGING SHAREPOINT 2010 WITH WINDOWS POWERSHELL
As we’ve shown already, SharePoint 2010 has a tremendous number of administrative additions,
including both new functionality and improvements on ways to do old things. One example of the
latter is the transition to Windows PowerShell as the command-line administrative environment. We
Recovering from Disaster
❘
11
had it pretty good with STSADM in SharePoint 2007, but Windows PowerShell takes it up to a whole

new level. Our old friend STSADM is still included with the product, but it’s deprecated. It’s time to
say your good-byes and get friendly with its replacement. Windows PowerShell not only enables you
to do everything that STSADM did, but it provides a much better environment for scripting and loop-
ing through objects. No longer are administrators limited to the operations included with STSADM.
No longer are you at the mercy of developers to write code to access the SharePoint object model.
Windows PowerShell allows mere administrators to get access to SharePoint objects, if you choose,
and to do things that were never possible before. For instance, if you want to see the last time the
security was changed on a site collection, you can use a Windows PowerShell script like this:
PS C:\> $site = Get-spsite
PS C:\> $site.LastSecurityModifiedDate
Sunday, December 20, 2009 3:26:15 AM
In SharePoint 2007 you had to write code to get that information. That example might not be very
exciting, but once you read Chapter 10 and see what Windows PowerShell can do with SharePoint
2010, you’ll be a believer.
MANAGED ACCOUNTS
One of the dichotomies faced by SharePoint 2007 administrators was service accounts and passwords.
On the one hand, administrators wanted to increase security by having multiple service accounts,
and regularly changing those accounts’ passwords. On the other hand, the process to change service
account passwords was complicated and very prone to error, which could cause downtime. What was
a SharePoint 2007 admin to do?
Those days are over. In SharePoint 2010 that pain has all been removed by the magic of managed
accounts. Much like managed paths, managed accounts are accounts those for which we’ve told
SharePoint, “These are all yours, you take care of them.” Once we give SharePoint that flexibility,
it can change the passwords as needed, and keep itself updated as it does so. It will even respect any
GPO-based password restrictions and change account passwords accordingly. You still have the
option to manage an account manually if you need to change the password and log in as a specific
user. This is all managed in Central Administration or through Windows PowerShell.
Does this all sound too good to be true? Well, it’s not. You can find out more about it in Chapter 8.
RECOVERING FROM DISASTER
We don’t mean to alarm anybody, but there are barbarians at the gate. Every day there are forces

trying to take down your much beloved SharePoint farms. These forces could be in the form of mali-
cious users, bad software, brown-outs, floods, locusts, or even failing hard drives. Any of these can
take down your SharePoint farm or result in lost data. Trust me, your end users aren’t very under-
standing of either situation.
Fortunately, SharePoint 2010 comes with some great disaster recovery options out of the box. These
options range from content recovery options like the two-stage recycle bin, to disaster recovery
12
❘
CHAPTER 1 What’s NeW iN sharePoiNt 2010
options like database mirroring and farm-level backups. Backup and recovery is an important
enough concept that it has been given its own heading in Central Administration.
To address most common backup needs, the backup options have been divided into two levels, Farm
and Granular, which is at the site collection or site level. Figure 1-5 shows all the different options.
FIGURE 15
Chapter 12 is dedicated to backups and disaster recovery techniques. Hopefully you’ll never need to
use any of them, but like a Boy Scout, you should always Be Prepared.
THE NEW AND IMPROVED USER EXPERIENCE
Figure 1-2 gave you a glimpse of the SharePoint 2010 user interface. You saw that Central Administration
has the Ribbon that was first introduced in the Office 2007 clients. The Ribbon (also referred to as
the “fluent UI”) not only made it into Central Administration, it also exists on all SharePoint content
sites as well. All the advantages the Ribbon provides in Central Administration also exist in the con-
tent web apps. Even web pages have the Ribbon to make editing them easier. Figure 1-6 shows a wiki
home page with the Ribbon.
Summary
❘
13
FIGURE 16
The Ribbon offers access to the most common tasks for the object selected. In Figure 1-6 that object
is a page, so all the tasks associated with pages are available in the Ribbon. The page can be edited
or checked out, and the permissions can be altered. The Ribbon is just part of what gives SharePoint

2010 a better user experience, also called the UX. The UX offers other improvements too, such as
inline editing, more consistent theming and branding, and improved multilingual support. Some of
these changes are significant, and will result in some growing pains for users. Chapter 2 covers all
the improvements to the UX, as well as techniques to make the transition easy for your users.
SUMMARY
SharePoint 2010 brings a lot to the table for SharePoint administrators. This chapter provides some
of the highlights of the product, and gives you a taste of what the subsequent chapters cover. This
book contains all the SharePoint 2010 information administrators need to know. The product is big,
so get comfortable; there’s a lot of exciting material still to come.