Excerpt by Doug Ware
When you access a SharePoint site with any type of client application, including the browser, you are first accessing a site collection that contains the site you ultimately want to access. A site collection contains one top-level, or root, web, and zero or more subsites. The site collection acts as the root unit of authorization for all the webs it contains and it can exist at the root of a Web application or under another site collection.
A very important difference between a site collection and a web is that the site collection acts as a boundary for both security and aggregations. This distinction often trips people up and can cause some frustration. SharePoint has a number of mechanisms for querying and aggregating information, but they are generally limited to the confines of a site collection. Most SharePoint items with which a user interacts exist within the context of a site collection, and an individual user can have permission to access many site collections.
However, each site collection has different permission sets. In this respect, you can think of query visibility as similar to the data in two different databases that you want to aggregate by using a SQL query. In the case of databases, you generally have to use some sort of extension or intermediate step to create the correct result set. The same is true of data in two site collections.
Logical Site Hierarchy Example
It is tempting to think of a site collection as the top of a hierarchy of webs, as shown in Figure 1, because a site collection is assigned a URL when a user creates it, but this is not correct.
Single Site Collection Example
A more accurate depiction of a site collection is as a container that has one or more webs. The root web uses the URL that the user specifies during the site collection's creation. Consider a simple company portal that is configured as follows:
This topology is certainly functional, but what if the Accounting web needs a different security model and is the property of the accounting department including responsibility for user management? If so, it is possible to preserve the URL scheme with a little extra configuration and use multiple site collections instead of a single site collection containing every subsite.
Partitioning with Site Collections
By default, when you create a new site collection using SharePoint Central Administration, the URL will be something like http://myserver/sites/newsite. The sites portion of the URL is called a managed path. Conversely, the page to create a new subsite allows you to specify the URL without the sites element, and if you want to create newsite as a subsite instead of a site collection, the URL will be http://myserver/newsite.
Consider the example shown in Figure 2. This URL scheme requires additional configuration to implement, but duplicates with site collections the URL scheme of the subsite for the accounting web.
You can duplicate the URL scheme used for a subsite with a site collection by defining a managed path.
This post is an excerpt from the online courseware for our Microsoft SharePoint 2010 for Developers course written by expert Doug Ware.