Upload
mary-leigh-mackie
View
406
Download
0
Embed Size (px)
Citation preview
Mary Leigh Mackie
@mlmackie | [email protected]
AvePoint – VP, Product Marketing
Enforcing SharePoint 2010
Governance
#SPSBE
#SPSBE04
A big thanks to our sponsors
Venue Sponsor
Platinum Sponsors
Gold Premium Sponsors
Gold Sponsors
AGENDA
• Definition and Purpose of Governance
• SharePoint Governance Challenges
• IT Governance
• Information Governance
• Application Management
• What does SharePoint Governance look like?
• Out of the box capabilities
• When to think about additional technology options
• Final Considerations
KEY PLAYERS OF GOVERNANCE
People
Process
Technology
Policy
GOVERNANCE SPECTRUM
Chaos Restricted
INTRODUCING A GOVERNANCE PLAN
Integration
Applications
Collaboration
Content
TODAY’S FOCUS AREAS FOR SHAREPOINT
GOVERNANCE
Information Governance
Application Management
IT Governance
IT governance of the software itself and the services you provide
Information governance of the content and information that users store in those services.
Application governance of the custom solutions you provide
GOVERNANCE AND SITE TYPES
• Standard administration interfaces
• Quotas, locks, permissions, records
management
• Powershell
• Administrative functions, Data
protection
• SharePoint services and features
• Managed metadata service for
classification
• ISV solutions for management
• SharePoint Designer, Visual Studio Manual Automated
GETTING THE RIGHT TOOLS FOR THE JOB…
WHAT TO GOVERN IN SHAREPOINT?
• Best Practices: Quotas and Limits
• Content: Site lifecycle management
• Social or not?
Asset classification
• Security, Infrastructure and Web Application policies
• Service Level Agreement
Impact = Exposure If this leaks, will it hurt
my business?
Value = Availability If this isn’t available,
can my business run?
IT GOVERNANCE
Centrally Managed Locally
Managed
A successful IT service includes the following elements:
• A governing group defines the initial offerings, policies, and evaluates success of the service
• The policies you develop are communicated to your enterprise and are enforced
• Users are encouraged to use the service and not create their own solutions – installations are tracked
• Multiple services are offered to meet different needs in your organization
Software, Services, and
Sites are hosted and
managed centrally by a core
IT group
Software, Services, and Sites
are hosted and managed
locally by individual groups
SERVICE-LEVEL AGREEMENTS SHOULD
INCLUDE:
• Length of time and approvals necessary to create a site.
• Costs for users/departments.
• Operations-level agreement – which teams perform which operations and how frequently.
• Policies around problem resolution through a help desk.
• Negotiated performance targets for first load of a site, subsequent loads, and performance at remote locations.
• Availability, recovery, load balancing, and failover strategies.
• Customization policies.
• Storage limits for content and sites.
• How to handle inactive or stale sites.
THROTTLING AND LIMITS
Function Limit Configurable
List View Threshold 5,000 (20,000 for admins &
auditors)
Yes, Central Admin/web App
Settings
List View Lookup 8 Yes, Central Admin/web App
Settings
Allow OM Override On by default Yes, Central Admin/web App
Settings
Daily time window None Yes, Central Admin/web App
Settings
Indexes Per List 20 No
Unique Permissions 50,000 Yes, Central Admin/web App
Settings
SharePoint Workspace 30,000 No
SOCIAL
Social Feature Benefits Considerations
Tagging Navigation, Search, Personal Content Control, Security,
Search
Note Board Quick communication Content Control, Security,
Search
Ratings Feedback Usage
Bookmarklets Quick and easy links External links
Expertise Find people Examples, Privacy, Content
Control
Profiles Additional Info Privacy, Content Control
Blogs Knowledge Transfer Corporate Policy
Wikis Knowledge Transfer Performance and Policy
Discussion Boards Knowledge Transfer Moderation and Policy
REPORTS AND INVENTORY OF USAGE
• Web Analytics Reporting
• Traffic
• Search
• Inventory
• PowerShell
• Inventory
• Sites
• Quotas
• Content Types
• Branding
• Customizations
• Security
SIMPLIFYING IT GOVERNANCE
IMPLEMENTATION WITH TECHNOLOGY
CONSIDER 3RD PARTY TOOLS TO:
• Centrally enforce limitations – plans and policies for
• Data Protection, Recovery, and Availability
• Audit Policies
• Permission management
• Scalability in Management
• Giving IT Teams the technology to manage thousands of users
• Terabytes of Content
• Millions of Audit Records
INFORMATION GOVERNANCE
Content is tagged with structured
metadata, permissions are tightly
controlled, content is archived or purged
per retention schedules.
Content is tagged only socially and
not tracked; permissions and
archiving are not controlled or
managed.
Appropriate for: • Structured content
• High-business-impact content
• Personal identifiable information
• Records
Appropriate for: • Low-business-impact
content
• Short-term projects
• Records
• Collaboration
Loosely Managed Highly
Restricted
INFORMATION GOVERNANCE CHALLENGES
Proliferation
INFORMATION ARCHITECTURE
Wireframe & Site Map
Search & Navigation
Managed Metadata
Content Types
Information Architecture
MANAGEMENT CONTROLS AND SCOPES Farm
Web Application Service
Application Zone
Content DB
Site collection
Top-level site
List/Library
[Folder]
Item / Document
Sub site Sub site
QUESTIONS TO ASK WHEN DESIGNING A SITE OR
SOLUTION:
• How will the site or solution be structured and divided into a set of site collections and sites?
• How will data be presented?
• How will site users navigate?
• How will search be configured and optimized?
• Is there content you specifically want to include or exclude from search?
• What types of content will live on sites?
• How will content be tagged and how will metadata be managed?
• Does any of the content on the sites have unique security needs?
• What is the authoritative source for terms?
• How will information be targeted at specific audiences?
• Do you need to have language- or product-specific versions of your sites?
http://www.criticalpathtraining.com/Members/Pages/Presentations.aspx Incorporating Managed Metadata in Custom Solutions in SharePoint 2010 Session
INFORMATION ACCESS
Determine the rules or policies that you need to have in place for the following
types of items:
• Pages
• Lists
• Documents
• Records
• Rich media
• Blogs and Wikis
• Anonymous comments
• Anonymous access
• Terms and term sets
• External data
Information Management: Permissions and Audiences
How do I structure permissions in a
site?
How do I target content to specific
audiences?
Should I use Information Rights Management (IRM) to protect content?
IT Governance: Access
How do I make this content accessible to external users?
How do I make sure that only
people who need access have it?
INFORMATION ASSESSMENT
Availability
Access Redundancy
Birth Life Rest
INFORMATION LIFECYCLE MANAGEMENT
INFORMATION MANAGEMENT KEEP CONTENT ‘CLEAN’, ENABLE AUDITING, RESTRUCTURE AS
YOU GROW
SHAREPOINT 2010 IM: IN PLACE RECORDS LOCK DOWN DOCUMENTS, PAGES, AND LIST ITEMS WITHOUT AN
ARCHIVE
Declare items records in bulk
Lock down non-document content,
like wikis
IN PLACE RECORDS & POLICIES CREATE SEPARATE RETENTION SCHEDULES FOR RECORDS
Different policies for records
Schedule declaration as part of lifecycle policy
Strictly Managed Loosely
Managed
APPLICATION MANAGEMENT
Determine customization types you want to allow, and how to manage them:
• Service level descriptions
• Processes for analyzing customizations
• Process for piloting and testing customizations
• Guidelines for packaging and deploying
customizations
• Guidelines for updating customizations
• Approved tools for development
• Who is responsible for ongoing code support
• Specific policies regarding each potential type of
customization (done through the UI or SD)
Customizations must adhere to
customization policy, deployments
and updates tested and rigorously
managed.
Rules about development
environments or customizations
are less rigid.
CUSTOMIZATIONS & BRANDING
• Isolate custom solutions: Sandbox Solutions
• Cannot use certain computer and network resources
• Cannot access content outside the site collection they are deployed in.
• Can be deployed by a site collection administrator.
• Governed: only a farm administrator can promote a sandboxed solution to run
directly on the farm in full trust.
• Master Pages and Page Layouts
• Themes
• To “Designer” or not to “Designer”
• Separate development, pre-production, and production environments (keep
these environments in sync)
CHALLENGES WITH SHAREPOINT
DEVELOPMENT
• Environment setup
• Platform learning curve
• Toolset support
• Team development
• Versioned releases
LIFECYCLE MANAGEMENT PROCESS
APPLICATION LIFECYCLE MANAGEMENT
Source: Microsoft TechNet, MSDN, and blogs
IMPLEMENTING GOVERNANCE POLICIES
GOVERNANCE PLANS
Backup
1 hour
1 day
1 week
Storage
Tier 1 – SAN
Tier 2 – NAS
Tier 3 – Azure
InfoMgmt
7 years
3 years
1 year
Auditing
Full Audit
Views + Edits
Views
Quotas
10 GB
50 GB
100 GB
Customizations
SP Designer
Site Galleries
Sandbox Solutions
Information
Ownership
Content Types
Ethical Walls
SHAREPOINT POLICY BUNDLES
Gold Silver Bronze
Backup 1 hour 1 day 1 week
Storage Policy (RBS) Tier 1 – SAN Tier 2 – NAS Tier 3 – Azure
Info Mgmt Policies 7 years 3 years 1 year
Auditing Full View + Edits Views
SharePoint Designer Enabled Disabled Disabled
Content Database Isolated DB Shared Shared
Sandboxed Solutions Enabled Disabled Disabled
Quota 100Gb 50Gb 10Gb
Cost $$$$$$ $$$$ $$
SERVICE REQUEST TYPES – SURFACING
OPTIONS TO CONTENT OWNERS AND BUSINESS
USERS
• Site Collection Request
• Transfer / Clone User Request
• Site Collection Content Lifecycle Request
• Sub-site Request
• Content Move Request
• Solution Package Deployment Request
• Gallery Artifact Deployment Request
• Recover Content Request
• Report Request
SERVICE REQUEST TYPE - SITE COLLECTION
REQUEST
Sales HR Project
Policy Silver Silver, Bronze Gold, Silver
Security Sales Management
HR Management Marketing
Management
Site Templates Custom Sales
Template
Enterprise Wiki
Team Site,
Publishing Site
Service Type Metadata Acct Type:
EPG/SMB/FIN
Workflow 1 Step 3 Step
2 Step
Global Metadata Location Location Location
Primary/Secondary
Site Contact
*Fill in the blank* *Fill in the blank* *Fill in the blank*
and wrap-up
ADDITIONAL CONSIDERATIONS
GOVERNANCE AND TRAINING
• Governance doesn't
work without user
adoption and
compliance.
• End-user training and
education, good content,
and search are keys to
user adoption.
• Document governance
plan.
GOVERNANCE STAKEHOLDERS
Form and use a governance group to create and maintain the policies and include the following roles:
• Information architects or taxonomists
• Compliance officers
• Influential information workers
• IT technical specialists
• Development leaders
• Trainers
• IT managers
• Business division leaders
• Financial stakeholders
• Executive stakeholders
KEY TAKEAWAYS
• Governance is there to ensure IT solutions achieve business goals
• Start simple
• Training
• Keep it fresh
• Don’t have a policy unless you can enforce it
We need your feedback!
Scan this QR code or visit
http://svy.mk/sps2012be
Our sponsors:
CONTACT AvePoint
Phone
(201) 793-1111
1-800-661-6588 (toll-free)
Social & Community
www.DocAve.com
http://www.facebook.com/AvePointInc
@AvePoint_Inc
Mary Leigh
Slides (sorry, no phone )
www.slideshare.net/mlmackie
Social & Community
www.DocAve.com
www.facebook.com/maryleigh.mackie
@mlmackie
RESOURCES
Product Info:
http://www.avepoint.com/sharepoint-
solutions/governance-and-compliance
NEW PRODUCT! Governance Automation:
http://www.avepoint.com/GovernanceA
utomation
Website houses all white papers, case studies, download links, datasheets, etc!
Download a FREE, fully-enabled 30 Day trial of DocAve at
www.avepoint.com/download
ADDITIONAL RESOURCES (PLEASE CLICK IMAGES OR VISIT WWW.AVEPOINT.COM/RESOURCES)
Customer Success Stories WhitePapers from AvePoint’s Own
SharePoint Experts
© 2011 AVEPOINT, INC. ALL RIGHTS RESERVED. NO PART OF THIS MAY B E REPRODUCED, STORED IN A RETRIEVAL
SYSTEM, OR TRANSMITTED IN ANY FORM OR BY ANY MEANS, WITHOUT THE PRIOR WRITTEN CONSENT OF AVEPOINT, INC.
AVEPOINT: WHO WE ARE Global Leader -- Microsoft® SharePoint
Infrastructure Management
“Clearly AvePoint is making the most of both Microsoft technology and the Microsoft
Partner Network in its quest to create a profitable business.”
– Jon Roskill, Microsoft Corporate Vice President, Worldwide Partner Group