MinRole is a new farm topology based on a set of predefined server
roles introduced in SharePoint Server 2016. When configuring your SharePoint
farm, you now select the role of a server when you create a new farm or join a
server to an existing farm. SharePoint will automatically configure the
services on each server based on the server's role. SharePoint Server 2016 has
been optimized for the MinRole farm topology.
After we followed the Microsoft instructions to configure the
SharePoint 2016 servers as Front-end with Distributed Cache, Application,
Application with Search, we found one issue. All wsp solutions deployed
to ALL the servers including WFE, search and app servers!
After looking at the server role in details, we found “Microsoft
SharePoint Foundation Web Application” service enabled as default for “Application”
role and “Application with Search” role. This will cause few major issues but
not limited as listed below.
1. Third party license issues. Most of the third party solutions are licensed by WFEs that is
defined that server is running “Microsoft SharePoint Foundation Web
Application” service. You may run into license issues if all servers have the
service running.
3. Potential security issues. The application servers or the search servers can also accept the
call event they may not intended to server the end users request. This may cause
security concerns since most WFE are behind load balancer.
We have seen people to create custom role to avoid this issue.
It looks like a "disaster" to include the “Microsoft SharePoint
Foundation Web Application” service in the “Application” MinRole.
We have discussed with Microsoft to move the following two services to WFE so we have two custom MinRoles for WFE and App servers. If you need to migrate the default MinRole to custom MinRole, you could refer following two articles.
We have discussed with Microsoft to move the following two services to WFE so we have two custom MinRoles for WFE and App servers. If you need to migrate the default MinRole to custom MinRole, you could refer following two articles.
No comments:
Post a Comment