
Tuesday, November 3, 2015

New Azure SQL Server V12 Security Features

Secure Data with Azure SQL Database

Azure SQL Database offers a set of out-of-the-box features to secure organization data from non-authenticated users. It offers simple-to-implement features that help to protect the data and build secure business applications within Azure.



Many of the newer Azure SQL security features are available only when clients connect using the secure connection string.

Older Insecure Connection String

{ServerName}.database.windows.net

Newer Secure Connection String

{ServerName}.database.secure.windows.net

Most of the newer Azure SQL Database security features only work with the v12 engine, which is GA.

If you have an older v11 database, you must upgrade it to v12.

Check the version first by using this PowerShell cmdlet:

Get-AzureSqlServer `
    -ServerName '' `
    -ResourceGroupName ''

Note:
ResourceGroupName can be found using the Azure Preview Portal.

Running the above PowerShell command returns several properties; among them, find the ServerVersion value:

ServerVersion : 2.0

If the value is 2.0, the SQL engine is not v12. It can be upgraded with the following PowerShell command:

Start-AzureSqlServerUpgrade `
    -ServerName '' `
    -ResourceGroupName '' `
    -ServerVersion 12.0

Running the above cmdlet queues the upgrade request, which will finish ASAP.

If you run the above command for an in-use database, there will be an outage that can potentially take a few minutes, subject to the database size.

To get the status of the above upgrade request, run this PowerShell cmdlet:

Get-AzureSqlServerUpgrade `
    -ServerName '' `
    -ResourceGroupName ''

Now that Azure SQL Server has been upgraded to v12, the next step is to protect the data using these security features.

New Azure SQL Database Security Features

1. Connectivity

Azure Active Directory (AAD) Authentication Support is Generally Available (GA) for connecting to SQL Database by using user identities in AAD for managed and federated domains in a centralized location.

Azure Active Directory authentication uses contained database users to authenticate identities at the database level. It is an alternative to SQL Server Authentication, and database permissions can be managed using AAD groups.


2. Authorization

Row-Level Security (RLS) Support is GA. It allows access to data rows based on user identity, role membership, or query execution context.

RLS embeds and centralizes custom data access logic within the Azure SQL database, which minimizes the risk of accidental data access.

Azure SQL Database supports filter predicates and block predicates.
A filter predicate restricts row-level read access.
A block predicate restricts row-level write access.

Dynamic Data Masking is supported for v12 of Azure SQL Database.
This feature masks the organization's sensitive data from unauthorized access. It hides database fields of the requested data in the query result set, and there is no impact on database operations.
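
The filter predicate, block predicate and masking described above can be seen together in the following T-SQL. This is an added example, not code from the original post; the dbo.Orders table, the Rep1/Rep2/SalesManager users and all sample values are constructed for illustration.

```sql
-- Added example: dbo.Orders, the Rep1/Rep2/SalesManager users and all
-- sample values are constructed for illustration.

CREATE TABLE dbo.Orders (
    OrderId  int IDENTITY(1,1) PRIMARY KEY,
    SalesRep sysname       NOT NULL,  -- row owner, compared with USER_NAME()
    Customer nvarchar(100) NOT NULL,
    -- Dynamic Data Masking: users without UNMASK see the masked form
    CardNo   varchar(19)  MASKED WITH (FUNCTION = 'partial(0,"XXXX-XXXX-XXXX-",4)') NOT NULL,
    Email    varchar(100) MASKED WITH (FUNCTION = 'email()') NULL
);
GO

-- Users without logins keep the example inside one database
CREATE USER Rep1 WITHOUT LOGIN;
CREATE USER Rep2 WITHOUT LOGIN;
CREATE USER SalesManager WITHOUT LOGIN;
GRANT SELECT, INSERT, UPDATE ON dbo.Orders TO Rep1, Rep2, SalesManager;
GRANT UNMASK TO SalesManager;   -- only the manager reads unmasked values
GO

-- Seed rows before the policy is enabled; afterwards dbo is filtered too
INSERT INTO dbo.Orders (SalesRep, Customer, CardNo, Email) VALUES
    (N'Rep1', N'Contoso',  '4111-1111-1111-1111', 'buyer@contoso.example'),
    (N'Rep2', N'Fabrikam', '5500-0000-0000-0004', 'buyer@fabrikam.example');
GO

CREATE SCHEMA Security;
GO

-- Predicate function: yields a row (access allowed) only for the row's
-- own sales rep or for SalesManager
CREATE FUNCTION Security.fn_OrderAccess (@SalesRep AS sysname)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN
    SELECT 1 AS access_allowed
    WHERE @SalesRep = USER_NAME()
       OR USER_NAME() = N'SalesManager';
GO

CREATE SECURITY POLICY Security.OrdersPolicy
    -- Filter predicate: silently removes rows from SELECT/UPDATE/DELETE
    ADD FILTER PREDICATE Security.fn_OrderAccess(SalesRep) ON dbo.Orders,
    -- Block predicates: reject writes that would create a row the writer
    -- does not own
    ADD BLOCK PREDICATE Security.fn_OrderAccess(SalesRep) ON dbo.Orders AFTER INSERT,
    ADD BLOCK PREDICATE Security.fn_OrderAccess(SalesRep) ON dbo.Orders AFTER UPDATE
    WITH (STATE = ON);
GO

-- Check 1: Rep1 reads the table (filter predicate plus masking apply)
EXECUTE AS USER = 'Rep1';
SELECT OrderId, SalesRep, Customer, CardNo, Email FROM dbo.Orders;

-- Check 2: Rep1 tries to insert a row owned by Rep2 (block predicate)
BEGIN TRY
    INSERT INTO dbo.Orders (SalesRep, Customer, CardNo, Email)
    VALUES (N'Rep2', N'Northwind', '4000-0000-0000-0002', NULL);
END TRY
BEGIN CATCH
    PRINT ERROR_MESSAGE();
END CATCH;
REVERT;
GO

-- Check 3: SalesManager passes the predicate for every row and has UNMASK
EXECUTE AS USER = 'SalesManager';
SELECT OrderId, SalesRep, Customer, CardNo, Email FROM dbo.Orders;
REVERT;
GO
```

Because the policy also applies to dbo, administrative loads into a protected table need either a predicate branch for the loading identity or the policy switched off for the duration of the load.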

3. Encryption

The Always Encrypted feature is to be in public preview soon.

Always Encrypted is designed to protect the organization's sensitive data that is stored in SQL Server databases.

Always Encrypted also allows clients to encrypt sensitive data inside client applications without exposing the encryption keys to the database.

The benefit is that Always Encrypted always differentiates between those who own the data (and can view it) and those who manage the data (but should have no access).

The whole encryption mechanism is transparent to the business applications. This is achieved by installing an Always Encrypted-enabled driver on the end-user computers, which automatically encrypts/decrypts the organisation's sensitive data in all business applications.

The Always Encrypted driver encrypts the sensitive data only in the specified sensitive columns/fields before passing it to the SQL Server, and the same driver automatically decrypts the encrypted data in the query output results.

4. Compliance

Transparent Data Encryption Feature is GA and it encrypts
  • Databases
  • Transaction Logs
  • Associated Backups
to meet the organization compliance requirements.

Transparent Data Encryption (TDE) is based on SQL Server Transparent Data Encryption Technology that encrypts the storage of the database by using AES-256 Symmetric Database Encryption Key.

SQL Server Database protects the Database Encryption Key with a Service-Managed Certificate and all key management for database copying, geo-replication, and database restores anywhere in SQL Server Database is handled by this service.

You can enable it on your database with two clicks in the Azure Preview Portal:

Go to Azure Preview Portal
Under Database Security --> Transparent data encryption

(1) Click ON and then
(2) Click Save

There is a slight downside: if you are migrating a SQL database from on-premises, you must

- Decrypt On-Premises SQL Database before Migrating
- Re-Encrypt again once it is migrated to Azure

You can achieve it by using (a) OR (b)

(a) TSQL on Azure Preview Portal

ALTER Database [SQL Database Name] 
SET ENCRYPTION ON;
GO

(b) Azure PowerShell Command

Set-AzureSqlDatabaseTransparentDataEncryption `
    -ServerName '[Server Name]' `
    -ResourceGroupName '[Resource Group Name]' `
    -DatabaseName '[Database Name]' `
    -State "Enabled"

Note:
Run the commands and wait for database to be encrypted.


Use this PowerShell command to check the status of this encryption process

Get-AzureSqlDatabaseTransparentDataEncryption


5. Threat Detection / Azure SQL Database Auditing

Auditing is GA on Basic, Standard, and Premium service tiers.

Azure SQL Database Auditing tracks SQL database events and writes audited events to the SQL Audit Log in Azure Storage.

Threat Detection is an additional feature of Azure SQL Auditing that alerts on unauthorized / suspicious activities on Azure SQL Databases or even at the database server level.

There are many PowerShell commands available for Azure SQL Auditing.

For "Database" Auditing

(i) Get-AzureRmSqlDatabaseAuditingPolicy

Example:
Get-AzureRmSqlDatabaseAuditingPolicy `
         -ResourceGroupName "" `
         -ServerName "" `
         -DatabaseName ""

(ii) Set-AzureRmSqlDatabaseAuditingPolicy

Example:
Set-AzureRmSqlDatabaseAuditingPolicy `
         -ResourceGroupName "" `
         -ServerName "" `
         -DatabaseName "" `
         -StorageAccountName ""

(iii) Remove-AzureRmSqlDatabaseAuditingPolicy

Example:
Remove-AzureRmSqlDatabaseAuditingPolicy `
         -ResourceGroupName "" `
         -ServerName "" `
         -DatabaseName ""

For "Database Server" Auditing

(i) Get-AzureRmSqlServerAuditingPolicy
 
Example:
Get-AzureRmSqlServerAuditingPolicy `
         -ResourceGroupName "" `
         -ServerName ""

(ii) Set-AzureRmSqlServerAuditingPolicy

Example:

- Set up the Auditing Policy of the Azure SQL Server

Set-AzureRmSqlServerAuditingPolicy `
         -ResourceGroupName "" `
         -ServerName "" `
         -StorageAccountName ""

- Set the Storage Account Key of an existing Auditing Policy of Azure SQL Server

# -StorageKeyType selects which storage account key (Primary or Secondary) the policy uses
Set-AzureRmSqlServerAuditingPolicy `
         -ResourceGroupName "" `
         -ServerName "" `
         -StorageKeyType Secondary

- Set the Auditing Policy of Azure SQL Server to use a specific Event Type

Set-AzureRmSqlServerAuditingPolicy `
         -ResourceGroupName "" `
         -ServerName "" `
         -EventType Login_Failure

(iii) Remove-AzureRmSqlServerAuditingPolicy

Example:

Remove-AzureRmSqlServerAuditingPolicy `
         -ResourceGroupName "" `
         -ServerName ""


Configuring a "Database" to use the Auditing Policy of the "Database Server"

(i) Use-AzureRmSqlServerAuditingPolicy

Example:

Use-AzureRmSqlServerAuditingPolicy `
         -ResourceGroupName "" `
         -ServerName "" `
         -DatabaseName ""




Wednesday, October 7, 2015

IAM with Microsoft Identity Manager 2016

What is Identity & Access Management (IAM)

IAM means the establishment and management of individual users' roles and credentials to make sure that each individual's credentials are valid and that he/she is authorized to access the organization's line-of-business applications and/or assets. It must also make sure that the individual's credentials and access are revoked/removed when he/she leaves the organization.

Why do organisations need an Identity Management Solution?

Small, medium and large organisations deploy Identity and Access Management (IAM) solutions to make sure that they can meet the security challenges for all integrated business applications located on-premises and in the cloud. With an Identity Management solution deployed in the organisation, users can use a single identity to access all the business applications as per their role, and a change made in one identity solution is synchronized to the other identity solutions.

IAM is very useful to
  • Provide users the right access for the data and services
  • Integration of organisation identity solution with 3rd party identity solutions
  • Consistent User experience for smooth authentication and authorization
  • and others

ROI from Identity & Access Management Solutions

Every organization invests in technology with ROI in mind. In the world of IAM solutions, this is not an IT issue but a challenge for C-level business executives and/or investors, where information/data is the most important asset of the organization. An advanced Identity & Access Management solution is the core strength of an organization: the organization receives its return on investment in terms of being ready to integrate with any new solutions, integrating with 3rd party applications and/or identity repository stores, saving help-desk calls, and being able to protect its assets from all external threats.

What is Identity Life cycle Management

Identity Life cycle management is the process of
  • Provisioning of User Identity
  • De-Provisioning of User Identity
  • Identity synchronization
  • Security Principal Creation
  • Attribute Management
  • Identity Aggregation and Delete

Microsoft Identity Manager (MIM) 2016

  • MIM 2016 is the latest version of Microsoft’s Identity and Access Management (IAM) product suite, which builds on top of FIM 2010 R2 with additional capabilities for hybrid experience, Certificate Management (CM) and Privileged Access Management (PAM) REST APIs.
  • MIM 2016 replaces Forefront Identity Manager (FIM) 2010 R2
  • MIM 2016 provides managed synchronization between an on-premises Active Directory forest and Azure Active Directory
  • MIM 2016 provides a broad range of services including user provisioning/de-provisioning, authentication/authorization of other LOB applications, BYOD, data protection, etc.

Microsoft Identity Manager 2016 Brief History


Microsoft Identity Manager 2016 Features

MIM 2016 features are

    • Identity data management and synchronization
    • Self-Service Identity/password Management
    • Dynamic Group Membership
    • Reporting and Auditing
    • Single Sign-On using SAML and other Federation Technologies
    • Creation of Windows Accounts and Other Accounts
    • Automation using PowerShell Cmdlets
    • Restful APIs for integration with 3rd parties for identity related tasks
    • Authentication and authorization workflow
    • Credentials management
    • Certificate management
    • etc.



Where do you use Microsoft Identity Manager 2016?

The most common scenarios are

1. Cloud-ready Identities - MIM 2016 prepares user identities in on-premises Active Directory for synchronization with Azure Active Directory.

2. Self-Service Capability - MIM 2016 provides capabilities for password reset with Azure multi-factor authentication, and for joining dynamic Active Directory groups with workflow approvals and certificate management.

3. Reporting and Auditing - MIM 2016 protects admin accounts by providing privileged access and also provides new security protocols.

4. IAM Solutions for modern Hybrid Infrastructure - MIM 2016, on-premises Active Directory and Azure Active Directory work together for an organization and secure the organization's hybrid infrastructure.

5. Seamless integration - MIM 2016 seamlessly integrates with on-premises identity stores like Active Directory, LDAP, Oracle, etc. to provide a consistent experience for on-premises applications as well as SaaS solutions.

6. New REST based APIs for AuthN/AuthZ - Programmatic interface for integrating MIM 2016 with other 3rd party solutions.

and others.









Wednesday, September 16, 2015

SharePoint / Office 365 New Migration API

New SharePoint / Office 365 Migration API

Introduction
At the Microsoft Ignite 2015 conference, a new SharePoint / Office 365 Migration API was also announced. The new Migration API enables users to migrate content (all sorts of content: files, permissions, metadata, etc.) from an on-premises SharePoint farm or local/shared drives to Azure BLOB Storage (a.k.a. Azure Temporary Storage) as packages pushed in batches; finally, SharePoint Online timer jobs pull the packages into Office 365 SharePoint Online and OneDrive for Business.

With this new API, migrating gigabytes (GBs) of data is almost five times (5x) faster than the old way of migration, with no worries about CSOM call throttling.

The flow of migration is as follows


Step by Step Guide

Step 1 -  Install SharePoint Online Management Shell

Go to the SharePoint Machine and uninstall all previous versions of SharePoint Online Management Shell, then download it using this link and install it 


Once it is downloaded, run it "As Administrator" and execute this command in the SharePoint Online Management Shell window:

$creds = (Get-Credential "")

This will pop up a window asking for the password. Please provide the password.

The $creds variable will be used later in the migration.

Step 2 -  Add 2 new folders in your local SharePoint machine

These folders will only contain XML files, so they will not occupy a lot of space.

Folder 1 Name: c:\temp\TempPackage
Folder 2 Name: c:\temp\FinalPackage

Step 3 -  Create Azure Storage Account

Create an Azure Storage account and make note of the Account Name and Key for later use.
1 - Go to https://manage.windowsazure.com and log in
2 - Create a new Azure Storage for temporary storage and keep the account username and key value for later use

Step 4 -  Create New Migration Package and Upload to Azure Storage

A migration package can be created in 2 ways:

  • From Local Fileshare
Folders and files in the local file share can be directly uploaded to Azure Storage using the PowerShell command below:

New-SPOMigrationPackage `
    -SourceFilesPath $sourceFiles `
    -OutputPackagePath $targetPackage

where

$sourceFiles = {Source Files Path}
$targetPackage = {Target Package Path}

Example:

PS C:\> New-SPOMigrationPackage -SourceFilesPath '\\fileserver\fileshare' -OutputPackagePath 'd:\temp\migrationpackage_source'

  • From On-Premises SharePoint Server
Migrating from an on-premises SharePoint Server requires a few extra steps. First use Export-SPWeb.

The Export-SPWeb cmdlet exports a site, list, or library.

Export-SPWeb [-Identity]  
-Path  
[-AppLogFilePath
[-AssignmentCollection
[-CompressionSize
[-Confirm []] 
[-Force
[-HaltOnError
[-HaltOnWarning
[-IncludeUserSecurity
[-IncludeVersions
[-ItemUrl
[-NoFileCompression
[-NoLogFile
[-UseSqlSnapshot
[-WhatIf []]

where

[Identity] = GUID or URL of SharePoint Site. It is required.

Path = Folder Path of the Export File. Since NoFileCompression property is used; this must be a folder path. It is required.

ItemUrl = URL of Web Application, GUID or SharePoint object to be exported. It is optional.

Please get other details from

Example:

PS C:\>Export-SPWeb http://spsite -path "d:\temp\exportpackagefilename.cmp"

Note:
The package named exportpackagefilename.cmp is NOT READY for migration.

It must be made ready for migration to the target destination using the command below:

ConvertTo-SPOMigrationTargetedPackage `
    -TargetWebUrl $targetWeb `
    -SourceFilesPath $sourceFiles `
    -SourcePackagePath $sourcePackage `
    -OutputPackagePath $targetPackage `
    -TargetDocumentLibraryPath $targetDocLib `
    -Credentials $creds



Examples:

PS C:\> $targetPackage = ConvertTo-SPOMigrationTargetedPackage -TargetWebUrl http://spsite -SourceFilesPath \\fileserver\sharedfolder\sourcefilesFolder -SourcePackagePath c:\temp\TempPackage -OutputPackagePath c:\temp\FinalPackage -TargetDocumentLibraryPath "SPDocumentsLibName" -Credentials $creds

OR in a sub-folder destination

PS C:\> $targetPackage = ConvertTo-SPOMigrationTargetedPackage -TargetWebUrl https://spsite -SourceFilesPath \\fileserver\sharedfolder\sourcefilesFolder -SourcePackagePath c:\temp\TempPackage -OutputPackagePath c:\temp\FinalPackage\ -TargetDocumentLibraryPath "SPDocumentsLibName" -TargetDocumentLibrarySubFolderPath "Library/SubFolder" -Credentials $creds

For more details
The above PowerShell command converts the XML generated in the temporary folder (c:\temp\TempPackage) when the Export-SPWeb command was executed, and saves/copies the new targeted migration package metadata files to the final package folder (c:\temp\FinalPackage).

Note: You might need to provide the password for the credentials.

Uploading On-Premises SharePoint Package to Azure Storage

The on-premises SharePoint package can be uploaded to Azure Storage using the PowerShell command below:

Set-SPOMigrationPackageAzureSource -SourceFilesPath $sourceFiles -SourcePackagePath $targetPackage -AccountName $azureAccountName -AccountKey $azureAccountKey -AzureQueueName $azureQueueName

Example:

PS C:\> $azurePkg = Set-SPOMigrationPackageAzureSource -SourceFilesPath $sourceFiles -SourcePackagePath $targetPackage -AccountName $azureAccountName -AccountKey $azureAccountKey -AzureQueueName $azureQueueName

Step 5 - Submit Azure Package

Now that the package is uploaded to Azure Storage, the next big step is to submit the package.

Submit-SPOMigrationJob `
    -TargetWebUrl $targetWeb `
    -MigrationPackageAzureLocations $azurePkg `
    -Credentials $creds

Example:

PS C:\> Submit-SPOMigrationJob -TargetWebUrl https://spsite -MigrationPackageAzureLocations $azurePkg -Credentials $creds

Note for Credentials: SharePoint Online credentials that have admin rights on the final destination site.

Step 6 - Migration from Azure Storage to Destination (SPO, O365, OD4B etc.)

Once the package is submitted, the actual migration happens between Azure Storage and the destination (SharePoint Online, Office 365, OneDrive for Business etc.). This migration process is based on an Azure timer job, which is a queue served on a first-come, first-served basis in a parallel fashion, without impacting or preventing other timer jobs executing at the same time.

The real-time progress of the timer job can be viewed on the Azure Storage Account queue, and logs can be viewed in the Manifest Container of Azure BLOB Storage.

Note:
All the above steps and scripts can be saved in a single PowerShell script (.PS1) file and re-used at any time.

$Office365LoginID = "admin@bhmconsultings.onmicrosoft.com"
$adminSite = "https://bhmconsultings-admin.sharepoint.com"
$sourceFilePath = "C:\migration\SourceData\"
$packagePath = "C:\migration\SourcePackage"
$targetWebUrl = "https://bhmconsultings.sharepoint.com/sites/{target site name}"
$targetPackage = "C:\migration\TargetPackage"
$targetLibrary = "{Target Library Name. For example 'Shared Documents'}"
$azureStorageAccountName = "{Azure Storage Account Name}"
$azureStorageAccountKey = "{Azure Storage Account Key}"
$azureStorageQueueName = "{Azure Storage Queue Name}"

# Get credentials (prompts for the password of the Office 365 login ID)
$credentials = Get-Credential $Office365LoginID

# Create package and upload to Azure Temporary Storage
New-SPOMigrationPackage `
    -SourceFilesPath $sourceFilePath `
    -OutputPackagePath $packagePath

# For On-Premises SharePoint migration ONLY
ConvertTo-SPOMigrationTargetedPackage `
    -TargetWebUrl $targetWebUrl `
    -SourceFilesPath $sourceFilePath `
    -SourcePackagePath $packagePath `
    -OutputPackagePath $targetPackage `
    -TargetDocumentLibraryPath $targetLibrary `
    -Credentials $credentials

# Ready package for migration from Azure Storage to Destination
$SourcePackageInAzureStorage = Set-SPOMigrationPackageAzureSource `
    -SourceFilesPath $sourceFilePath `
    -SourcePackagePath $targetPackage `
    -AccountName $azureStorageAccountName `
    -AccountKey $azureStorageAccountKey `
    -AzureQueueName $azureStorageQueueName

# Submit above Package for Migration to Destination
Submit-SPOMigrationJob `
    -TargetWebUrl $targetWebUrl `
    -MigrationPackageAzureLocations $SourcePackageInAzureStorage `
    -Credentials $credentials

Migration Benefits and Limitations

The biggest benefit of using the new SharePoint Migration API is SPEED, which is 5 - 10 times faster (depending on the complexity) than any existing technology that does not use the new APIs.

There are some minor limitations as well.
1. Need to manage Azure Storage for temporary storage of the package until migration is done, and the related cost.
2. Need to trust Microsoft Azure with the migration package sent for temporary storage
3. Azure Storage Limit = 500 TB
4. Max Size of Single BLOB container, queue, table = 500 TB
5. Target throughput for single BLOB = 500 requests per second OR 60 MB per second
6. See SharePoint Online and OneDrive for Business limitations here

Happy SharePoint Migration.

Tuesday, September 8, 2015

What's new in SharePoint 2016 Preview


Microsoft has made huge investments in SharePoint products and has always added more and more value to the product. Since the inception of SharePoint in 2001, the product has made serious progress, and now I am passionately welcoming the SharePoint 2016 product.

SharePoint 2016 Roles and Services

SharePoint 2016 placed Services into 3 main Roles

1 - User Services: 
Sync Client
OneNote
User Profile
Page Rendering
Excel Services
Sandbox Code
Project
Subscription Settings

2 - Robot Services:
Provisioning 
Timer Jobs
Search

3 - Caching Services:
Caching

Note:
SharePoint 2016 consolidates these into one single machine, reducing the number of discrete roles.

MinRole Roles and Services

WebFrontEnd: For end-user requests; servers in the WebFrontEnd role are optimized for low latency.

Application: For back-end jobs or requests coming from back-end jobs; servers are optimized for high throughput.

Specialized Load: 3rd-party services which need to be isolated from other SharePoint services.

DistributedCache: Manages the distributed cache for the whole SharePoint farm.

Note:
There is a new feature in SharePoint 2016 to analyze MinRole enforcement: Health Analyzer scans each server in the farm daily, except servers with the Specialized Load role, and compares service instances on the server against the expected configuration. There is a Fix button as well to fix the problem right there.

New SharePoint 2016 Server Patching Strategy

Good news for SharePoint administrators and especially business stakeholders: in order to minimize down-time of SharePoint 2016 farms, Microsoft introduced a minimal update footprint capability, which means a reduced number of MSI, MSP and patch updates are available for in-place and online installations. No more monthly CUs.

SharePoint 2016 Boundaries and Limits

SharePoint Content Database : Terabytes
Site Collections per Content Database: 100,000 per site collection
List Threshold: Greater Than 5,000 with Auto Indexing option to manage larger lists
MaxFile Size: 10GB and no more character restrictions
Search Index Items: Search Scale increases up to 2 times and 500 million items

User Profile Service Application

Microsoft removed built-in User Profile Service Application / FIM Service. 
Hurray (I know many readers will start smiling or sending SMS to friends/groups/facebook etc. or even celebrating).

Active Directory Import still exists via native Active Directory Synchronization, but User Profile Synchronization is being removed.

Note:
If some organisations still want this capability; they need to setup FIM Server/Farm outside SharePoint 2016 Farm and configure it.

Profile Page powered by Office 365 Delve

SharePoint 2016 introduced a new Service Application integrated with Office 365 Delve and Office Graph. Delve will be a vital part of the SharePoint 2016 product. The power of Office 365 Delve and Office Graph can now also be applied to SharePoint 2016 on-premises farm content as well as the integrated cloud.

Cloud Search Service Application

SharePoint 2016 Search Service Application enables the Hybrid capability so the Cloud Search will crawl on-premises content source and feed it to Office 365 Search Index. The Cloud Search Service Application will unify on-premises and cloud search indexes and provide Search as a Service for the organisation Search Requirements.

I planned to write a detailed blog on the Cloud Search Service Application very soon.

New hybrid Extranet Capability 

SharePoint 2016 leverages Office 365 Identity Federation Services and is capable of publishing internal sites to extranets.


Upgrade from SharePoint 201X to SharePoint 2016

There is no upgrade option directly from SharePoint 2010 to 2016. SharePoint 2010 sites and databases need to be upgraded to SharePoint 2013 first using the database-attach method, and then upgraded in the same way to SharePoint 2016.

Note:
More knowledge-base articles for SharePoint 2016 are coming. Stay tuned.

Happy SharePointing

Wednesday, September 2, 2015

SharePoint 2016

SharePoint 2016 IT Preview First Hand Knowledge

1 - Minimum Hardware & Software Requirements for On-Premises Deployments

Minimum Hardware Requirements

Database and SharePoint Servers: 64 bits, 4 Cores with 12-16GB RAM
System Drive: 80GB
Other Drive(s): 100GB

Minimum Software Requirements

  • Operating System: Windows Server 2012 R2 or Windows Server Technical Preview
  • .NET Framework: .NET 4.5.2 Framework for Windows Server 2012 R2; .NET 4.6 Framework for Windows Server Technical Preview
  • Database Server: SQL Server 2014
  • Pre-requisites: Similar to SP 2013. All prerequisites can be installed manually or by the SharePoint 2016 prerequisite installer itself if not installed earlier. The following are the required prerequisites:
        • Application Server or Web Server (IIS) Role 
        • Microsoft SQL Server 2012 Native Client
        • Microsoft ODBC Driver 11 for SQL Server
        • Microsoft Sync Framework Runtime v1.0 SP1 (x64)
        • Windows Server AppFabric 1.1
        • CU Package 1 for Microsoft AppFabric 1.1 for Windows Server (KB2671763)
        • Microsoft Identity Extensions
        • Microsoft Information Protection and Control Client
        • Microsoft WCF Data Services 5.0
        • Update for Microsoft .NET Framework to disable RC4 in Transport Layer Security (KB2898850)
        • Visual C++ Redistributable Package for Visual Studio 2013

2 - SharePoint Server Roles

SP 2016 IT Preview introduced the MinRole feature, so in SharePoint 2016 IT Preview you can specify the SharePoint server role at the time of creating a new farm topology or at the time of joining an existing farm. All the required services will be installed and configured automatically by SharePoint, in an optimized way, as per the defined server role.

SharePoint 2016 IT Preview currently has 5 types of server roles for an enterprise topology:
  • Front End / Web Front End - For Web Front End related components
  • Application - For Background Services and Service Applications
  • Distributed Cache - For Distributed Caching
  • Search - Search Components, Services and Service Application
  • Custom - For all custom services that can't integrate in MinRole

MinRole also introduced a new parameter for the PSConfig command, named LocalServerRole, to specify the role at the time of SharePoint configuration. The available values for this new parameter are
  • WebFrontEnd
  • Application
  • DistributedCache
  • Search
  • SpecialLoad
  • SingleServerFarm

3 - PSConfig Command Example


PSConfig.exe -cmd configdb -create -server "{Name of Database Server}" -database "{Name of SharePoint 2016 Configuration Database}" -user "{SPFarm Service Account}" -password "{SPFarm Service Account Password}" -passphrase "{SharePoint 2016 Farm Passphrase}" -admincontentdatabase "{Central Admin Database Name}" -localserverrole WebFrontEnd


There is also a user-interface option available for this configuration using PSConfigUI.exe



4 - Upgrade and Migration

SharePoint 2016 supports the Database-Attach upgrade method from SharePoint 2013 to SharePoint 2016. The steps for the Database-Attach upgrade method are

  • Build and configure the SharePoint 2016 farm
  • Copy all the content and service application databases
  • Create web applications and site collections
  • Attach the previously copied databases to the new web applications
and you have upgraded them to SharePoint 2016.


Note:
More knowledge-base articles for SharePoint 2016 are coming. Stay tuned.

Happy SharePointing