Upload
toni-frankola
View
1.507
Download
6
Embed Size (px)
Citation preview
SharePoint Governance: stories, myths,legends and real life
Toni Frankola @tonifrankola
SharePoint MVPAcceleratio Ltd,. Croatia
Grant, addDelete, remove
Clone, transfer
Generate entire SharePoint documentation, check the custom solutions, save farm deployment.
Analyze and manage permissions live: clone, transfer, create groups, add or remove users.
Monitor farm health, track changes and compare. Report on site contents and audit farm setup.
One solution for all your SharePoint troubles…
Farm Assessment
Permissions Farm Audit Save time! Single
console!
Validate!
Explore and compare SharePoint Online permissions.
Review all your Office 365 tenants, licenses
and subscriptions.
Track changes and monitor users Exchange Online data.
GroupsUsers
Administrators
One tool for entire Office 365…
Tenant Overview
Permissions ReportsReview all! Save time! Examine!
Compare
The size of digital universe
4 ZB2013
44 ZB2020
OneDrive storage plans change in pursuit of productivity and collaboration
…a small number of users backed up numerous PCs and stored entire movie collections and DVR recordings. In some instances, this exceeded 75 TB per user or 14,000 times the average.
The goals for this session• Demystify SharePoint Governance• Rules for governance plan• Forming a governance team• Creating a sample governance plan• Policy / Responsibility / Process• 4 examples of processes for implementing policies
FACT: NOBODY REALLY LIKES GOVERNANCE
• Time consuming• Costly• Outcome is difficult to measure
Why don’t we do SharePoint governance?
• SharePoint Governance is only important for large deployments.• SharePoint Governance is a book. A big book.• We don’t have people for real governance board.• Governance is nothing more than consultancy hours
What is SharePoint Governance?Governance is the set of policies, roles, responsibilities, and processes that control how an organization's business divisions and IT teams work together to achieve its goals.
(Microsoft)
Low Medium High0
1
2
3
4
5
6
IT Management; 2
Information management; 4
Security management; 3
Application management; 5
Governance effort per SharePoint maturityGO
VERN
ANCE
EFF
ORT
Typic
al am
ount
of go
verna
nce
Proportion of site types in a typical environment
Central published site (Intranet home page)
Departmental site
Group and team sites
Projects and workspaces
Personal sites (My Sites)
Governance and Site Types
SP G
over
nanc
e A. IT Governance (S+S)
A1. Security, infra, and web app policies
A2. Data protection (backup + rec)
A3. Site policies
A4. Quotas
A5. Asset classification
B. Information management (content)
B1. Architecture
B2. Access
B3. Management tools
C. Application management (Custom Solutions)
C1. Customization policy
C2. Branding
C3. Custom Solutions / Apps
A. IT Governance (Software + Services)
A1. Security, infra, and web app policies• How is the system and infrastructure maintained?• Hardware, Software, Updates, Services Running
• Who has access at what levels?• Privileged Access
• Permissions(a topic for a dedicated conference)
A1-A. Deployment governance• Track installations
Use AD.
• Block installationsSP, SPD, InfoPath
• Keep current with software updatesKeep your servers current. Test and install recommended software updates.
• Site collection upgradesSite collections can now be upgraded independently from the content databases.
A1-B Permissions• Share with external users (who and what)• SharePoint Groups (when and how many)• AD groups• Clean up and testing
A2. Data Protection • Backup and restore• Frequency• Level
• Software boundaries and limits for SharePoint (2007/2010/2013)Limit Maximum value Limit type NotesNumber of content databases 500 per farm Supported The maximum number of content
databases per farm is 500. Content database size (general usage scenarios)
200 GB per content database
Supported The default file size is 50 MB, which can be increased to a maximum of 2 GB.
Content database size (all usage scenarios)
4 TB per content database Supported Content databases of up to 4 TB are supported*
A3. Site policies• Site Lifecycles• Site Deletion• Site Creation• Management
A4. Quotas• How much data can be stored in a site collection• Maximum size of uploaded files• Database growth predictions
B. Information management (content)Versions, Records, Information Architecture
C. Application management (Custom Solutions)Proces for piloting and testing solutionsGuidelines for packaging and deploying customizationsGuidelines for updating customizationsApproved tools for customizations
C2. Lifecycle management
Development Pre-production Production
Test new and updated apps and solutions
Control source code and use versioning
Keep environments in sync to get best results from testing
Sync Sync
C3. Branding• Custom Logo + Custom Theme
• Master Pages• Localization• Responsive
Myth 1: Governance is important only for large deployments
“We just want to collaborate”
Creating SharePoint artifacts without a plan(Infrastructure, Information Architecture)
No Enterprise Content ManagementNo permissions concept, archiving, no retention
SharePlosion(can happen with relatively small amounts of content)
How did this happen?
Inadequate infrastructure
No information architecture No security concept Wild
customizations No proper training Governance hell
What is SharePoint Governance?Governance is the set of policies, roles, responsibilities, and processes that control how an organization's business divisions and IT teams work together to achieve its goals.(Microsoft)
Policy Role / Responsibility Process
CDB cannot contain more than 20 SCs Farm Admin
Weekly: Create CDBs / Move SCs /
Delete SCs
Myth 2: The Governance Plan
The SharePoint Governance Plan is a guidebook outlining the administration, maintenance, and support of X Corporation’s SharePoint environments. It identifies lines of ownership for both business and technical teams, defining who is responsible for what areas of the system. Furthermore it establishes rules for appropriate usage of the SharePoint environments.
Microsoft SharePoint Governance Template
Myth 2: The Governance Plan
Governance plan• Small and concise• Bullets, posters• Wiki
Policy Role / Responsibility Process
Policies Roles/Responsibilities Processes
IT Governance
Information management
Security Management
Application management
Your Governance Plan
Your governance plan
Don’t try to cover everything.
Make sure that the Governance Body has authority to decide and react quickly.
Myth 3: The Governance Body
We recommend that you create a team from various disciplines across your organization to develop and maintain these policies. Include people from as many roles as possible.
Microsoft Technet
https://technet.microsoft.com/en-us/library/cc263356.aspx
Governance team
https://technet.microsoft.com/en-us/library/cc263356.aspx
Your Governance team
Governance Body
Enterprise Architect
Project Lead(s)
[Business]
Lead SP Admin
Lead Software Architect
Workers council
ComplianceOfficer
RiskOfficer
Data Privacy officer
SP Influencers
Project Sponsor
Myth 3: The Governance Body
Focus on needs and resources Keep it small Authority to
decide
Real world example: Large Real Estate customer
Real world example
8.000Site Collections
CRM
Real world example
• Auto-provisioned from external system (CRM)• 200-10000 documents (avg. 500)• 24 Security Groups• 4 groups with prepopulated membership (CRM)• “Nested” through group owners• Hierarchical permissions management• “Managers” can break permission inheritance• 60 Content types. CT Inheritance• Records management (InPlace + DM)• Site policies according to Project Lifecycle
RE FARM
Governance ChallengesFarm health
Permissions
Content types
Content monitoring
ECM
Applications
Policies Roles/Responsibilities Processes
IT Management
Information management
Security Management
Application management
Your Governance Plan
IT/SP ManagementPolicy Role/Responsibility Process
Measure network latency
Network latency cannot be larger than X
Chief Network Administrator, Mr. John Smith
Tool X will be configured to automatically measure network latency in 10-days intervals. If latency is larger than X...
SP Logs Hard drives size
Drive partitions where log drives are stored cannot be used more than 75%
Chief Network Administrator, deputy Mr. Adam Doe
SC will be configured to monitor drives, and to archive logs...
SP Health check Regular SP Farm health check
Chief Network Administrator, Mr. John Smith
Tool X will be used to...
SP Best practices Regular SP Best Practices monitoring
Chief Network Administrator, Mr. John Smith
A tool will be used to automatically monitor SP Best Practices every week and to report
Challenge 1: SharePoint Farm Health
• SharePoint Farm Status• SharePoint Best Practices
Infrastructure / SharePointPolicy Role/Responsibility Process
Best Practice SharePoint Logs have to be stored on a separate drive
Chief Network Administrator, Mr. John Smith
Best Practices check to determine if Logs are in proper location
Best Practice Loopback Check disabled
Chief Network Administrator deputy Mr. Adam Doe
Best Practices check to determine if loopback check is configured properly
SharePoint Best practices• Microsoft TechNet• PowerShell / Central Admin• SPDocKit SharePoint Best Practices Portal
https://bp.spdockit.com
Challenge 2: Dead content
• Documents not accessed• Documents whose authors are not....
Information ManagementPolicy Role/Responsibility Process
Site structure Project sites can contain only predefined libraries
Chief Network Administrator, Mr. John Smith
Use SharePoint Manager, or PowerShell script A, to identify project sites with custom document libraries
Dead content Dispose of the content that is unused since 6 months
Chief Network Administrator deputy Mr. Adam Doe
Once a month use PowerShell to locate content which is not used since 6 months, and inform the content owners...
Sites in retention Regular SP Farm health check
Compliance officer, Ms Anna Smith, Chief Network Administrator...
PowerShell Script X will be executed every Monday which finds the site collections that...
Content types Content types are provisioned only through the CTH
Taxonomy officer, Ms Jane Smith, Chief Network Administrator...
PowerShell Script Y will be executed every Monday which iterates the site collections...
Challenge 3: Permission governance
• Reporting permissions for sites and users• SharePoint Group and Permission level management• Permission inheritance
Permissions and securityPolicy Role/Responsibility Process
Item level permissions No item level permissions are enabled in the “Reports” library
Chief Network Administrator X, Compliance Officer Y
Develop security event receiver that prevents breaking permissions on the item level in the document library “Reports”
Auditors Every six months, enable auditing process on the “Reports” library
Chief Network Administrator X, Compliance Officer Y
On demand, use code to create Permission Level and SharePoint Group for Auditors, so they can access content in the “Reports” library
External Users (Microsoft Account)
External users are not allowed in library “Reports”
Chief Network Administrator X, Compliance Officer Y
PowerShell Script X will be executed every day which finds and removes external users...
Group Owners Project Managers SP Group is owner of all other SP Groups
Chief Network Administrator X, Compliance Officer Y
PowerShell Script Y will be executed every Monday which iterates the site collections...
Challenge 4: Customizations governance
• Assert the necessity of customization• Code quality
ApplicationsPolicy Role/Responsibility Process
Custom code policy in portal site
In the portal site, only apps are allowed
Chief Network Administrator, Mr. John Smith
No server side custom code is allowed for deployment in the portal web application. Every 7 days, PowerShell script A will detect...
Server side code in project sites
All server side code in project sites must be approved
Head of Development, Ms Samantha Doe
Before installation of any server side package SPCop / SPCAF will be used for code quality check
.NET 3.5 workflows No .NET 3.5 workflows allowed – only WM or K2...
Head of Development, Ms Samantha Doe
PowerShell Script Y, run once a day, will be used to iterate site collections and detect and deactivate Workflows...
Code quality and tools Coding conventions (your own or Microsoft’s)
StyleCop (stylecop.codeplex.com)
SharePoint server side code quality SPDisposeCheck SPCAF (www.spcaf.com)
Real world use case
• Infrastructure provisioning• Content provisioning and management• Responsibilities, roles and permissions• ECM Policies (Records + Site Policies)
Governance Plan(24 pages)
• Project Sponsor• Project lead• Enterprise Architect• Software Architect
Governance Body
• Governance is necessary for small and large deployments• Demystify governance, keep it straightforward• Keep focus on implementation (processes)
QuestionsThank you!