SharePoint Ports, Proxies and Protocols .... An overview of farm communications
During November 2008 Martin Kearn and Pete Reid worked on a session at the TechEd 2008 conference in Barcelona entitled "SharePoint Ports, Protocols and Proxies. An end-to-end overview of SharePoint inter-server communication" (OFC402). The slides from the TechEd presentation can be found here, these include more detail than is presented in this article.
The session talked in great detail about how the various servers in the SharePoint farm communicate with each other and this article is a summary of the key messages from that talk.
Why is this important to understand?
So the first question is "why do we care about farm communications"? .... There are three reasons why every SharePoint architect, consultant (insert SharePoint-related role here) should know about this stuff and they are as follows:
- 1. Secured or 'locked down' farms may have servers on different network segments, and you may have to configure firewalls to let only the minimum traffic through. Without knowing what traffic needs to go where, this is a very difficult process.
- 2. Understanding network activity is very useful when troubleshooting strange problems, since SharePoint does not do a great job of reporting when a network issue is preventing something from working.
- 3. Windows Server 2008 and SQL Server 2008 are both 'locked down' by default, meaning that a fresh install of Windows Server 2008 has everything disabled in Windows Firewall. Clearly you could simply enable all inbound / outbound communications (and I've done that once or twice myself in the past! :) ) but that rather defeats the point. It is much better to understand what traffic is coming in and out of the server and open ports only as necessary.
SharePoint Transport Protocols
All traffic within SharePoint occurs over one of three transport protocols:
- SQL Server Tabular Data Stream (TDS). This is the protocol that handles all traffic in and out of SQL Server. By default this occurs on port TCP:1443, but named instances of SQL Server will have a random port assigned.
- Server Message Block (SMB). Rather surprisingly, this venerable file-sharing protocol is used extensively for search and query operations within SharePoint. This occurs on port TCP:445, or TCP:137, 138 and 139 (over NetBIOS).
- Hypertext Transfer Protocol (HTTP). No big surprise here: HTTP handles all incoming traffic and inter-farm web service calls. Incoming traffic normally occurs over ports TCP:80 or TCP:443 (SSL), but this depends on how your Web Applications have been configured. Shared Service Provider web service calls occur on ports 56737 and 56738 (SSL).
In addition to the above, SharePoint obviously has to communicate with other servers such as Active Directory, DNS etc., which require further ports:
- AD Authentication: occurs on TCP:445 or TCP:88 (Kerberos)
- LDAP: occurs on LDAP:389 and LDAPS:636
- DNS: occurs on TCP:53
- SMTP: occurs on TCP:25
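The natural way to act on the port list above on a Windows Server 2008 box (where, as noted, inbound traffic is blocked by default) is to build a per-role inbound allowlist rather than open everything. The script below is an added example, not part of the original article or the TechEd deck; it emits (or, with -Apply, runs) netsh advfirewall rules for one farm role, scoped to the remote subnets that actually need each port. The subnet values and rule names are placeholders, and putting the 56737/56738 SSP web service ports on every non-SQL farm member is an assumption. For the SQL role it uses TCP 1433, the port a default SQL Server instance listens on; a named instance uses a dynamic port unless you pin one in SQL Server Configuration Manager, in which case substitute that port.

```powershell
# Added example (not from the article): generate per-role inbound Windows Firewall
# rules for a SharePoint 2007 farm on Windows Server 2008 using netsh advfirewall.
# Usage: .\Set-FarmFirewall.ps1 -Role Query            (print the commands)
#        .\Set-FarmFirewall.ps1 -Role Query -Apply     (run them, as Administrator)
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('WFE', 'Query', 'Index', 'SQL')]
    [string]$Role,
    [switch]$Apply
)

# Assumed address ranges; replace with your own network segments.
$ClientNet = '10.10.0.0/16'   # browsers, Office clients, SharePoint Designer
$FarmNet   = '10.20.0.0/24'   # WFE, Query and Index servers

# Port map taken from the article: HTTP 80/443 for clients, SSP web services
# 56737/56738 between farm members, SMB 445 for index propagation and query
# execution, and TDS into SQL Server. Only inbound rules are needed because
# Windows Server 2008 allows outbound traffic by default.
$Rules = @{
    'WFE'   = @(
        @{ Name = 'SP-HTTP-From-Clients';   Port = '80,443';      Remote = $ClientNet },
        @{ Name = 'SP-SSP-WS-From-Farm';    Port = '56737,56738'; Remote = $FarmNet }
    )
    'Query' = @(
        # Index -> Query propagation and WFE -> Query execution both use SMB.
        @{ Name = 'SP-SMB-From-Farm';       Port = '445';         Remote = $FarmNet },
        @{ Name = 'SP-SSP-WS-From-Farm';    Port = '56737,56738'; Remote = $FarmNet }
    )
    'Index' = @(
        @{ Name = 'SP-SSP-WS-From-Farm';    Port = '56737,56738'; Remote = $FarmNet }
    )
    'SQL'   = @(
        # Default instance TDS port; a named instance needs its fixed port here.
        @{ Name = 'SQL-TDS-From-Farm';      Port = '1433';        Remote = $FarmNet }
    )
}

foreach ($r in $Rules[$Role]) {
    # Build the argument list once so the printed and executed forms are identical.
    $netshArgs = @(
        'advfirewall', 'firewall', 'add', 'rule',
        "name=$($r.Name)", 'dir=in', 'action=allow', 'protocol=TCP',
        "localport=$($r.Port)", "remoteip=$($r.Remote)"
    )
    if ($Apply) {
        & netsh @netshArgs
    } else {
        Write-Output ('netsh ' + ($netshArgs -join ' '))
    }
}
```

Run it without -Apply first and review the generated rules; scoping remoteip to the farm segment is what keeps the SMB and TDS ports from being reachable from the client network.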
Inter-Server Communication
The term 'Inter-Server' is used to describe traffic which occurs between servers inside the SharePoint farm. This includes the SQL server. The vast majority of traffic in this area is traffic to and from SQL Server, which is why people always say that SQL Server is the most important server in the SharePoint farm. This diagram describes the inter-server traffic. A large version of this image can be found here.
Extra-Server Communication
The term 'Extra-Server' is used to describe traffic that occurs between the SharePoint farm and other servers. This would typically include AD, DNS etc., but you must also consider any external Indexing and BDC connections. This diagram describes the extra-server traffic; a larger version can be found here.
Client-Server Communication
Client-server communication refers to all traffic between the SharePoint farm and clients, which may include Office, browsers, SharePoint Designer etc. All of this traffic occurs over HTTP and only ever interfaces with the Web Front End server. None of the other servers in the SharePoint farm handle client-server traffic. This diagram describes client-server communications; a larger version can be found here.
SharePoint Protocols
The actual communications that occur within SharePoint happen using a wide range of SharePoint-specific protocols. These protocols are documented in great detail here; additionally there are similar documents for Office protocols here.
The documents contained in the above links include a massive amount of detail on how specific operations within SharePoint occur. For example, if you want to know which servers, stored procedures and other protocols are involved when you interact with the recycle bin, check out '[MS-WSSCADM]: Windows SharePoint Services Content Database Administrative Communications Protocol Specification'.
These documents are a great resource for really understanding the low-level details of what your SharePoint servers are doing.
Search Specifics
One of the main types of Inter-Server communication is Search and Indexing. Interestingly, the communication channels used are primarily SMB, which means that SMB must be allowed through firewalls if the servers involved are on different network segments.
Search & Index has 3 main types of activity, they are as follows:
- Search Administration: This is simple HTTP traffic to the Office SharePoint Server Web Services, which occurs on ports TCP:56737 and TCP:56738 (SSL). This is used to administer the Search service.
- Search Crawling: This is the process of the Index server crawling SharePoint and external content. During a crawl there is heavy traffic both between the Index server and the content, and between the Index server and SQL Server.
- Search Index Propagation: During a crawl, the Index server propagates the indexes to the Query server. This occurs throughout the indexing process (it does not wait until indexing has completed to propagate). This communication occurs over SMB, which means that an SMB channel must be open between the Index and Query servers.
- Search Query Execution: This is the process of a user executing a query on the Web Front End server and it being passed to the Query server for execution. This also occurs over SMB, which means that an SMB channel must be open between your Web Front End and Query servers.
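Because SharePoint reports little when a firewall silently drops one of these paths, a quick way to confirm the search and database channels described above is a plain TCP connect test from the server you are standing on. The script below is an added example (not the article's own or Microsoft's code) and uses System.Net.Sockets.TcpClient with a timeout so it works on Windows Server 2008, which has no Test-NetConnection. The hostnames and the $ThisRole value are placeholders; the SQL port 1433 is the default-instance TDS port and should be replaced with the fixed port of a named instance.

```powershell
# Added example (not from the article): verify the farm paths the article says
# must be open, as seen from the role this script runs on. Hostnames are placeholders.
$Paths = @(
    @{ From = 'WFE';   To = 'query01.contoso.local'; Port = 445;   Why = 'Search query execution (SMB)' },
    @{ From = 'Index'; To = 'query01.contoso.local'; Port = 445;   Why = 'Index propagation (SMB)' },
    @{ From = 'WFE';   To = 'sql01.contoso.local';   Port = 1433;  Why = 'Content/config databases (TDS)' },
    @{ From = 'Index'; To = 'sql01.contoso.local';   Port = 1433;  Why = 'Crawl writes to SQL Server (TDS)' },
    @{ From = 'WFE';   To = 'index01.contoso.local'; Port = 56737; Why = 'SSP / Search admin web services (HTTP)' }
)

function Test-FarmPort {
    # Returns OPEN, TIMEOUT, or REFUSED/ERROR for one TCP destination.
    # TIMEOUT usually means a firewall is dropping the SYN; REFUSED means the
    # host answered but nothing is listening on that port.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'TIMEOUT'
        }
        $client.EndConnect($async)   # throws if the connection was refused
        return 'OPEN'
    } catch {
        return 'REFUSED/ERROR: ' + $_.Exception.Message
    } finally {
        $client.Close()
    }
}

$ThisRole = 'WFE'   # placeholder: set to the role of the server you run this on
foreach ($p in ($Paths | Where-Object { $_.From -eq $ThisRole })) {
    $result = Test-FarmPort -ComputerName $p.To -Port $p.Port
    '{0,-6} -> {1,-22} TCP:{2,-6} {3,-16} {4}' -f $p.From, $p.To, $p.Port, $result, $p.Why
}
```

A successful connect only proves the port is reachable; an SMB share permission problem or a SQL login failure will still show as OPEN here, so follow a TIMEOUT with a firewall rule review and an OPEN that still fails with SQL Profiler or a WireShark capture of the SMB session.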
Tools
In terms of troubleshooting, there are three tools that are invaluable for understanding network communications:
- SQL Profiler. This tool has been packaged with SQL Server for many years now. Profiler essentially allows you to view exactly what is happening inside SQL Server. If you use this in conjunction with the SharePoint protocol documents, you will be able to see specific stored procedures being executed when certain activities happen.
- WireShark. This is a packet sniffer that can be used to examine all network packets. You can download WireShark here.
- Fiddler. This is an HTTP debugging application that can be used to examine HTTP traffic. This is simpler than WireShark but will not cover TDS or SMB (which WireShark will). You can download Fiddler here.
Resources
This is a list of useful resources related to this topic:
Tools:
- Fiddler: https://www.fiddlertool.com/
- WireShark: https://www.wireshark.org/
Protocol Documents:
- Office protocol documents: https://msdn.microsoft.com/en-us/library/cc307432.aspx
- SharePoint protocol documents: https://msdn.microsoft.com/en-us/library/cc339473.aspx
TechNet Articles
- Plan security hardening for extranet environments: https://technet.microsoft.com/en-us/library/cc262834.aspx
- Plan for secure communication within a server farm: https://technet.microsoft.com/en-us/library/cc263077.aspx
- Plan security hardening for server roles within a server farm: https://technet.microsoft.com/en-us/library/cc262849.aspx
That is the end of the article; I hope you found it useful.
This article was published by Martin Kearn, Senior Consultant, Microsoft Consulting Services UK, Martin.Kearn@Microsoft.com
SharePointPortsProtocolsProxies_TechEd2008.pptx
Comments
Anonymous
January 06, 2009
Great first up post on your new blog folks, think it's a great idea to combine forces. Glad you went with a pretty standard name for the blog too, would hate to think what would have happened if you had left it up to Nigel. I still remember SPUM!!! <grin> Graham, you still out there? That goldfish bowl needs some new fish! Though the Windows Folder Web Part was a tough one to follow! Daniel
Anonymous
January 07, 2009
Nice post. Worth noting that the OWS site and therefore Shared Services Web Services are installed on every server in the farm (not just WFEs) and as such the 56737/8 comms take place intra-farm with all farm members. It would also be cool to see a follow up detailing inter-farm comms (i.e. inter-farm shared services)
Anonymous
February 02, 2009
Thanks for the nice post. Hope you have noticed that the people picker requires Global Catalog ports open. There's a good article about this: http://blogs.technet.com/wbaer/archive/2009/01/21/people-picker-port-protocol-requirements.aspx
Anonymous
February 04, 2009
Following on from the blog that Martin Kearn posted, I wanted to expand on some of the mysteries of
Anonymous
April 20, 2009
A SharePoint farm is an extremely "chatty" environment. A lot of inter server communications keeps on
Anonymous
January 22, 2010
Informative article about ports and communication b/w servers in a SharePoint farm. Got a Gud gyan on farm communication. Thank you... I was actually looking for help on troubleshooting propagation to the query server which was fine a few days back. Thank you Ram pulipatir@gmail.com
Anonymous
September 26, 2010
Is this applicable for SharePoint 2010 farm communication as well?
Anonymous
November 18, 2010
Hi Martin, This article and the PPT are great. Have you got the same thing for SharePoint 2010 in terms of communication ports to open please?
Anonymous
November 07, 2012
Very useful. Thanks for your posting.
Anonymous
February 05, 2013
The comment has been removed
Anonymous
December 23, 2014
Great article Martin! Image links seem to have broken - can these be re-added please? Thanks!
Anonymous
February 09, 2015
The pictures are not loading