ArchitectureThe SharePoint platform is a flexible, n-tier service-oriented architecture (SOA). It can be scaled down to operate entirely from one machine, or scaled up to be managed across hundreds of machines.
FarmsA SharePoint farm is a logical grouping of SharePoint servers that share common resources.A farm will typically operate stand-alone, but it can also subscribe to functionality from another farm, or provide functionality to another farm. Each farm has its own central configuration database, which is managed through either a PowerShell interface, or a Central Administration website (which relies partially on PowerShell's infrastructure). Each server in the farm is able to directly interface with the central configuration database. Servers use this to configure services (e.g. IIS, windows features, database connections) to match the requirements of the farm, and to report server health issues, resource allocation issues, etc.
Web applicationsWeb Applications (WAs) are top-level containers for content in a SharePoint farm, and are typically the interface through which a user interacts with SharePoint. A web application is associated with a set of access mappings or URLs which are defined in the SharePoint central management console, then automatically replicated into the IIS configuration of every server configured in the farm. WAs are typically independent of each other, have their own application pools, and can be restarted independently in Internet Information Services.
Site collectionsA site collection is used to provide a grouping of 'SharePoint Sites'. Each web application will typically have at least one site collection. Site collections may be associated with their own content databases, or they may share a content database with other site collections in the same web application.
Service applicationsService Applications (SAs) provide granular pieces of SharePoint functionality to other web and service applications in the farm. Examples of service applications include the User Profile Sync service, and the Search Indexing service. An SA can be turned off, exist on one server, or be load-balanced across many servers in a farm. SAs are designed to be as independent as possible, so that — depending on the SA — restarting an SA, experiencing an SA failure, or misconfiguring an SA may not necessarily prevent the farm from operating. Each SA enabled on the farm typically has its own process that requires a certain amount of RAM to operate, and typically also has its own configuration database and Active Directory (AD) service account. SharePoint Server and SharePoint Enterprise include all the SharePoint Foundation SAs, as well as additional SAs.
Administration and securityThe modular nature of SharePoint's architecture enables a secure 'least-privileges' execution permission best practice.
SharePoint Central Administration (the CA) is a web application that typically exists on a single server in the farm, however it is also able to be deployed for redundancy to multiple servers.This application provides a complete centralized management interface for web & service applications in the SharePoint farm, including AD account management for web & service applications. In the event of the failure of the CA, Windows PowerShell is typically used on the CA server to reconfigure the farm.
The structure of the SharePoint platform enables multiple WAs to exist on a single farm. In a shared (cloud) hosting environment, owners of these WAs may require their own management console. The SharePoint 'Tenant Administration' (TA) is an optional web application used by web application owners to manage how their web application interacts with the shared resources in the farm.