Wednesday, April 10, 2013

Two New Best Practices for SharePoint 2013

While debating application pool layout for a customer's solution, I ran across some info, which I had briefly read over in the past, but now is causing me to rethink my design approach drastically from that of 2010 farm architectures.

The following best practices were spelled out by Steve Walker, Senior Program Manager at Microsoft, during the SPC119 session at the SharePoint Conference  2012 in Las Vegas, Nevada.

SharePoint 2013 best practices for Web Applications is to create only 1 web application and using host-named site collections as opposed to path-based site collections with multiple web apps. This dove-tails into another SharePoint 2013 best practice for application pools. SharePoint 2013 best practices for application pools is to create one for all services.

Legacy Topology – Multiple Web Apps

  • Each Application Pool requires additional resources on each Web Role Machine
  • Caching of common assemblies alone is significant overhead
  • Leads to multiple farm architectures very quickly with high numbers of web applications !!

Recommended Logical Topology

  • One Web application, one zone
    • Have a good business reason why you deviate from this
  • One IIS Website; "SharePoint" (Application Pool)
  • Use Host-named Site Collections (HNSC's)
    • Scales Better
    • Reduced Resource Consumption (Memory for App Pools, Cache, etc)
    • Mitigates x-site scripting risks the same as multiple web apps
    • SSA (Secure Site Access) - You can still have multiple host names !

NOTE: SharePoint 2013 supports both path-based and host-named site collections. The primary difference between path-based and host-named site collections is that all path-based site collections in a web application share the same host name (DNS name), and each host-named site collection in a web application is assigned a unique DNS name. You must use Windows PowerShell to create a host-named site collection. For more information about host-named site collections, see Plan for host-named site collections in SharePoint 2013.

How to create Host Named Site Collections:
  • Remember to add the site collection's hostheader to DNS (or hosts file)
  • Remember to check/update IIS Bindings with site collection hostheader


  1. Hi Rick,

    is the above approach also achievable in SharePoint Server 2010?

  2. Lukasz,

    Yes, host-based site collections are supported in 2010. However, it did not become Microsoft's recommendation until 2013. If ytu decided to give it a shot with 2010, let me know your results, specifically performance.

  3. I'd be concerned with a single point of failure. I still see value in running separate app pools for highly customized sites where there may be some server side code running but have no problem with this if you're running vanilla collaboration sites.

  4. It's been some time since your comment questioning the sales-speak-ness of Microsoft's change...have you embraced hostname-based SCs since then?

    1. This comment has been removed by the author.

    2. Darren,

      I have embraced for a couple of reasons, most notably the SharePoint app model. Taken from MS Technet > "Host-named site collections are the preferred method to deploy sites in SharePoint 2013. Because the Office 365 environment uses host-named site collections, new features are optimized for these site collections and they are expected to be more reliable." -

      They also allow for more site collection names etc...

      (So.. you can see, MS is "optimizing" new features for HNSC's... another way to gently push us in the direction of HNSC's... which just so happens to already be in place on the cloud... ...come on over... the cloud will solve all your ills... (as well as provide another income stream for MS)

    3. Thanks, I'm ready to drink the kool-aid :)

  5. I am a beginner in SharePoint and have just signed up for free SharePoint hosting solutions with In future, I am planning to expand the horizon of my SharePoint usage then I would need help from experts such as you to understand things like this better. Thanks.

  6. The sad scenario is that the cyber crime monster is nowhere near being tamed. There has been a steady rise in the number of threats identified each year. best cloud security companies