Monday, February 19, 2018

SharePoint 2013: Considerations when architecting new organizational site


There are several key considerations that need to be considered when developing a new organizational site. These involve the site's logical, data and security architectures. The site's logical architecture involves planning such aspects as the site's: URL path, web application configuration, application pool and service account provisioning and configuration, service application connections, and infrastructure features. Its data architecture involves planning such aspects as the number of site collections to assign per content database and the general relationship of content databases vis a vis the site architecture.  Lastly, the site's security architecture involves planning such aspects as site: user account administration, the use of AD groups and AD structure,  SharePoint user groups and authentication methods. 
In this posting, I consolidate notes associated with planning the architecture of a new organizational site deployed to an existing SharePoint 2013 infrastructure.  The new organization is large, numbering several thousand users and presents a standard organizational hierarchy: company > business unit > department > project.

Logical Architecture

  • Deploy as dedicated web application having dedicated application pool.
  • Use existing default or create custom service application grouping as needed.
  • Publishing Infrastructure site collection feature activated for all site collections.
  • Dedicated site collection for each company business unit.
  • Organizational site root also dedicated site collection.

Data Architecture

  • Each business unit site collection is contained within its own dedicated content database.
  • Root contained within dedicated content database.

Security Architecture

  • Dedicated AD user groups created in organizational domain for each company department.
  • Dedicated global AD user group containing all organizational department user groups.
  • SharePoint user groups populated with departmental and global AD user groups whenever permissions must be assigned across departments or organization.
  • Standard SharePoint user groups and permission levels.


  • Dedicating a web application and application pool to the organizational site enables:
    • Unique domain name
    • Logical grouping within single container (the web application)
    • Maximum separation of web application processes from other organizational processes using the SharePoint infrastructure.

  • Dedicating content databases to business unit site collections greatly facilitates ease of business unit site maintenance, upgrade and capacity management.
  • Populating SharePoint user groups with dedicated AD users groups greatly facilitates user account permissions management.
  • Using a standard AD user group (that contains all of the dedicated departmental AD user groups) when needing to assign permissions across all organizational users greatly reduces the risk associated with using such security principals as Everyone and AUTHENTICATED USERS or the DOMAIN USERS group.


No comments: