Upload
ivor-davies
View
1.242
Download
1
Tags:
Embed Size (px)
DESCRIPTION
SharePoint 2010 Governance Best Practices presentation made at SharePoint Saturday Ottawa on Saturday December 1st 2012
Citation preview
SharePoint 2010Governance Best Practices
Ivor DaviesSharePoint Evangelist & Senior Technical Specialist@IvorDavies59 (Twitter)
December 1st, 2012
My Biography….– 10 Years of SharePoint experience – back to 2003– 22 Years of IT work with the Province of Ontario
(30 years with company)– Seasoned IT Professional in SharePoint / Business
Intelligence / Project Server / Microsoft Office / Virtualization
– Social Media Enthusiast (Twitter / LinkedIn, Facebook / Pinterest / Klout / Yammer)
– SharePoint Evangelist in Social Media!– Lover of Dogs!
Agenda:
• What is Governance?• Why should we care?• Governance is based upon reach• SharePoint Pain Points• The Governance Process• Implementing Governance• Governance Teams (Strategic / Tactical)• Governance Planning Roadmap Overview• Governance Plan Elements• Key points to remember…• References
Governance is…..
4
A set of policies, roles and responsibilities and processes to guide how organizations and divisions at Microsoft best use of SharePoint to keep SharePoint sites under control, limit security threats, and practice document lifecycle management.
SharePoint Governance
• A set of policies, roles and responsibilities and processes to guide how organizations and divisions at Microsoft best use of SharePoint to keep SharePoint sites under control, limit security threats, and practice document lifecycle management.
• Helps to:– Keep SharePoint sites & access under control– Limit security threats– Practice document lifecycle management
• What do we govern?Govern Information Architecture SharePoint
Services
Why should we care?
6
Governance is based on “reach”
Home Page
Functional
Areas
Divisions– “Public”
Departments – “Private”
Team Sites
Personal Sites – My Sites
“PUBLIC” SITES: Open to all employees
TEAM SITES: Generally open to team members
Tightly controlled,
formal governance
Looser control, less formal governance
Some control, some formal governance
“PRIVATE” SITES: Open to business group members
7
• Too many sites; users can't find content• Users don’t know the security of the library
before saving. (Not easy to know.) • Users can't remember URLs• Orphaned Team & Personal Sites, Document &
Meeting Workspaces• Rollover of site ownership• Users consistently exceeding site quota• No Site Recycle Bin complicates cleanup
SharePoint Pain Points
SP Pain Points Continued…• Document versioning is turned on without
limitation – e.g. a single document with 2GB of versions
• Features installed in the environment and no longer used – you should clean these up as part of any migration
• Every single FAB 40 server admin template installed & activated in the farm – installed just because & made available to everyone
Problems with Unmanaged SharePoint
1. SharePoint growth which is costly to manage2. Sensitive content not properly secured,
information leaked3. Outdated & irrelevant search results4. Difficulty in finding desired information
Governance Process
Define or Update Policies
Implement Policies
according to definition
Enforce Policies
Measure & Analyze
Effectiveness
Implementing Governance
• Organize Governance Committee including the following roles, LCA, Records Management, Taxonomist, IT Ops, IW worker and INS team
• Review Information Architectures and identify potential inefficiencies
• Determine goals & policies• Organize contents, pilot and deploy management
process & policies• Develop Education Strategy & Training material• Develop ongoing assessment & evaluation of
Governance strategy
Governance Goals and Policies
• Goals– Manage SharePoint growth– Reduce # unused site collections– 100% of sites compliance with classifications– Clear end-user responsibility & accountability of
content• Policies
– Site lifecycle management & expiration – Site ownership validation– Site decommission process– Site storage & quota management
• Quality– Provide easy access to information – Intuitively designed navigation and information architecture– Offer hosting service packages – Provide feedback to teams
• Awareness– Showcase SharePoint as an intranet/portal solution
• Usage– Promote frequent use of SharePoint among all employees– Maintain portfolio of hosted content
Governance Goals and Policies
Governance Teams
Strategy Tactical
Vision
User adoption
Training
IT & Business
Operation
Support
Development
Strategic Team• How do we improve business processes & how
do we deliver on that?• What structures need to be in place to deliver
this value?• What areas of the business offer the most
opportunity for growth?• How can we align our activities with the goals
of the business?• Are there synergies that can be created
between divisions and departments?• What ways can we reduce inefficiencies and
duplication?
Tactical Team• The tactical team consists of three sub teams all
charged with supporting the directives of the strategy team: – Operations– Support– Development
It’s easy to make mistakes …
18
…so it’s especially important to plan!
• Avoid sprawl• Ensure quality • Deliver a great user experience• Consistency in UI (User Interface) experience across the
portal• Consistent navigation• Clear decision-making authority• Align portal with business objectives• Communicate best practices• Content ownership (who owns the content?)
19
But, the plan is not enough – it must be CONSUMABLE …
20
What percent of employees say they don’t always their company’s security policies?
What percent say the aren’t even of the policies?Aware
follow
… and most importantly, you must be prepared to
21
Governance Planning Roadmap
22
2. Identify an Inclusive Team
5. Discuss “Framing” Decisions
3. Document the Vision
6. Identify Roles and Responsibilities
7. Develop Guiding Principles
8. Get Social?
4. Review the Deployment Model
10. Document
11. Socialize, Promote, Verify
9. Understand Policies; Define Guidelines
1. Design First
Courtesy of Susan Hanley
Governance Best Practices
• Define your audience• State the service opportunity• Identify stakeholders• Operational requirements
(i.e., maintenance windows)• Good Communication plan• Get user feedback• What is out of scope?• Create strong partnerships
Governance Best Practices
24
Target specific audiences
Don’t read without training
Just in time, just enough – make it consumable
Basics first, then the hard stuff – 10/2 rule
Lessons Learned
• It’s really about both assurance and guidance & it takes COMMITMENT – plan, plan, plan
• No one cares about governance – until you make it all about them!
• Less is more – avoid unnecessary bureaucracy & documents
• Create & communicate a roadmap• Build best practices into your site templates &
automate everything you can• A governance plan doesn’t replace training • … & training should include the governance plan
25
Governance Plan Elements
26
Governance Plan Element
Description Target Audience
Overview Explains the vision, why governance is important, and the overall model
All Users
Guiding Principles Key statements that support the vision All Users
Roles and Responsibilities
Describes the key roles required to ensure success Users with a key role
Content Authoring Policies and Guidelines
Describes policies and best practices for content publishing and content management
Content Authors
Design Policies and Guidelines
Describes what must be done (policies) and best practices (guidelines) for site configuration
Site Owners/ Solution Analysts
Processes and Procedures
Describes key processes (for example: request or de-commission a site)
Site Owners
Key Points to remember…• Establish a governance plan to ensure quality &
relevance of content• Keep the governance model SIMPLE
(Don’t OVER DESIGN)• Think about how we will ensure compliance with
the plan over time• An EFFECTIVE governance plan does not have to
constrain every move – it has to provide guidance to users to ensure that the solution remains effective & vibrant over time.
• Ensure a strong advocate / Executive Sponsor
Good SharePoint ResourcesSharePoint Server 2010 Plan for Sites and Solutions: http://technet.microsoft.com/en-us/library/cc789336.aspxSharePoint 2010 Governance White Paper: http://technet.microsoft.com/en-us/library/ff848257.aspxPlanning Guide for Sites and Solutions: http://www.microsoft.com/download/en/details.aspx?id=23613Good Books about SharePoint Planning and Implementation, and Governance(quoted above):
Governance – SharePoint Server 2010
A governing group defines the initial offerings of the service, defines the service's ongoing policies, and meets regularly to evaluate success.
The policies you develop are communicated to your enterprise and are enforced.
Users are encouraged to use the service and not create their own solutions – installations are tracked and rogue installations are blocked.
Multiple services are offered to meet different needs in your organization. Offering a set of services enables you to apply unique governance rules and policies at various levels and costs. In addition, you can phase in services in a manageable way.
Service-level agreements should include:
© 2010 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at [email protected].
Governance is the set of policies, roles, responsibilities, and processes that guides, directs, and controls how an organization's business divisions and IT teams cooperate to achieve business goals.
Three major areas for governing SharePoint 2010 Products:
IT governance of the software itself and the services you provide
Application governance of the custom solutions you provide
Information Management governance of the content and information that users store in those services.
Deployment governance
I T Governance
When you develop an IT service to support SharePoint 2010 Products, a key to success is your enterprise's ability to govern the service and ensure that it meets the business needs of your organization in a secure and cost-effective way. A successful IT service includes the following elements:
IT service governance
I nformation Management
Information architecture
Application Management
Customization policy
Lifecycle management
Governance and Site TypesDifferent types of sites frequently require different governance policies.
Typically, published sites have tighter governance over information and application management than team sites and My Site Web sites.
Each type of site should have a specific IT Service plan, so that the service level agreements match the importance of the site to the organization as a whole.
Con
cep
ts
Governance Areas Governance StakeholdersYou must ensure that your governance policies are appropriate to your organization's goals, and you must keep them up-to-date as business needs change. Form and use a governance group to create and maintain the policies and include the following roles:
Governance and Training
Governance doesn't work without user adoption and compliance.
End-user training and education, good content, and search are keys to user adoption.
What to govern: Quotas – Quota templates define how much data can be stored in
a site collection and the maximum size of uploaded files. Associate different quota templates with site collections at different service levels.
Site lifecycle management – You can govern how sites are created, the size of sites, and the longevity of sites by using self-service site management and site use confirmation and deletion. Set expiration and access policies to control content in sites.
Asset classification – Classify sites and content by value and impact of the content to the organization (such as high, medium, or low business value/impact). Classification then controls other behaviors, such as requiring encryption for high business impact information.
For IT governance, you can control the services that you offer, and you can control or track software installations in your environment to prevent proliferation of unmanaged servers for which you can't provide support. What will you provide with each service, and what will you include in service-level agreements for each service?
Information management is the governance of information in an enterprise — its documents, lists, Web sites, and Web pages — to maximize the information¶s usability and manageability. Another aspect of information management is determining who has access to what content – how are you making content available internally and externally and to whom?
How will you manage the applications that are developed for your environment? What customizations do you allow in your applications, and what are your processes for managing those applications?
You can block installations of SharePoint 2010 Products to prevent users from installing them to unauthorized servers that you cannot support. You use a group policy in Active Directory Domain Services (AD DS) to set a registry key on all servers that block installations.
Block installationsAn Active Directory Domain Services (AD DS) marker named Service Connection Point identifies the SharePoint 2010 Products servers in an organization. To use this marker, create a container in AD DS and set the permissions for the container before you install any SharePoint 2010 Products in the environment. Then, when you or another user in your domain runs the SharePoint Products Configuration Wizard as part of installing SharePoint Server 2010, this marker is set and can be tracked by using AD DS. You must set this marker for each domain in your organization if you want to track installations in all domains. This marker is removed from AD DS when the last server is removed from a farm.
Track installations
In addition to governing services that you offer, you also need to govern installations of SharePoint 2010 products in your environment. You can block all installations, or track and monitor installations. And you should make sure that your installations have the current software updates installed.
Information architects or taxonomists
Compliance officers
Influential information workers
IT technical specialists
Development leaders
Trainers
IT managers
Business division leaders
Financial stakeholders
Executive stakeholders
Centrally managed Locally managedSoftware, services, and sites are hosted and managed centrally by a core IT group
Software, services, and sites are hosted and managed locally by
individual groups
I T Governance
What's the right balance for your organization?
Keep current with software updatesAlways keep your servers current with the latest software updates. For more information, see the Updates for SharePoint 2010 Products Resource Center at http://go.microsoft.com/fwlink/?LinkID=160585.
Information architecture determines how the information in that site or solution – its Web pages, documents, lists, and data – is organized and presented to the site's users. Information architecture is often recorded as a hierarchical list of content, search keywords, data types, and other concepts.
Questions to ask when designing a site or solution:
How will the site or solution be structured and divided into a set of site collections and sites?
How will data be presented?
How will site users navigate?
How will search be configured and optimized?
Is there content you specifically want to include or exclude from search?
What types of content will live on sites?
How will content be tagged and how will metadata be managed?
Does any of the content on the sites have unique security needs?
What is the authoritative source for terms?
How will information be targeted at specific audiences?
Do you need to have language- or product-specific versions of your sites?
Good information architecture supports the following goals:
Manageability: can the IT team effectively implement and manage the information?
Requirements: does the information architecture meet regulatory requirements, privacy needs, and security goals?
Business: does the architecture add to your organization's effectiveness?
Information management tools
Follow these best practices to manage applications that are based on SharePoint 2010 Products throughout their lifecycle:
Use separate development, pre-production, and production environments (see Deployment model) and keep these environments in sync.
Test all customizations before releasing initially and after any updates have been made before you release them to your production environment.
Use source code control and solution and feature versioning to track changes to code.
1 Initial requirements are gathered and tasks assigned.
Developers use tools to track development and store source code for customizations.
Automated builds are generated for integration testing.
Build verification farm is used for additional testing (larger environments).
After testing, customizations are deployed to pre-production environment.
Pre-production environment matches production environment as closely as possible.
After verifying in pre-production, customizations are deployed to production.
End users use the production environment, provide additional feedback and ideas. Issues are reported and tracked.
Feedback and issues are transformed to requirements and tasks, cycle begins again.
2
3
8
10
11
6
4
Summary of lifecycle management process
For a full explanation of this process, see the video Development Lifecycle for SharePoint 2010 at:http://go.microsoft.com/fwlink/?LinkId=200174.
Determine which types of customizations you want to allow/disallow, and how you will manage customizations. Your customization policy should include:
BrandingConsistent branding with a corporate style guide makes for more cohesive-looking sites and easier development. Store approved master pages in site galleries for consistency so that users will know when they visit the site that they are in the right place. Define which parts of the template can be changed by site owners and which cannot. Allow room for sub-branding of individual team or project brands.
Govern your content by using tools for content management, including:
Use workflows and approval for document centers and site pages – wherever official documentation is stored.
Use approval for published Web sites to control pages.
Use version history and version control to maintain a history and master document.
Use content types with auditing and expiration for document libraries to manage document lifecycle.
Manage uploads to large libraries by using the Content Organizer.
Use site use confirmation and deletion to manage site collection lifecycles.
Identify important corporate assets and any sites that contain personally identifiable information – be sure that they are properly secured and audited.
Use Records Centers to store, audit, and control records in compliance with regulations or laws.
When thinking about content, consider the balance between the following factors. Which of these factors is the highest priority for each type of content?
5
7
9
Testing personnel test the customizations.
Previous testing ensures that when customizations are deployed to production, there are no unexpected issues or problems encountered.
Service level descriptions
Processes for analyzing customizations
Process for piloting and testing customizations
Guidelines for packaging and deploying customizations
Guidelines for updating customizations
Approved tools for development
Who is responsible for ongoing code support
Specific policies regarding each potential type of customization, whether the customization is code-based or no-code (done through the user interface or SharePoint Designer)
Sandboxed solutionsConsider using a restricted execution environment, called a sandbox, to isolate custom solutions. Sandboxed solutions cannot use certain computer and network resources and cannot access content outside the site collection they are deployed in . Sandboxed solutions can be deployed by a site collection administrator. Only a farm administrator can promote a sandboxed solution to run directly on the farm, outside its sandbox, in full trust.
For example, having a single copy of a document is good for reducing redundancy, but it is a problem for availability and access if it is deleted.
Map out the preferred content lifecycle. What steps need to happen when a list item, document, or page is created, updated, or deleted? For best results, develop a long term rather than a temporary solution.
Much of this should be covered by your document and records management plans, but also consider the storage costs for the content. Understand the capacity planning limits for documents and items, and keep performance and scale in mind.
Impact = Exposure If this leaks, will it hurt my
business?
Value = AvailabilityIf this isn't available, can my
business run?
Data protection (backup and recovery) – Vary the level of data protection that you offer based on service levels. Plan the frequency at which you back up the farms and the response time that you will guarantee for restoring data.
Security, infrastructure, and Web application policies – how is the system and infrastructure maintained and who has access at what levels. Are you controlling use of fine-grained permissions?
Length of time and approvals necessary to create a site.
Costs for users/departments.
Operations-level agreement – which teams perform which operations and how frequently.
Policies around problem resolution through a help desk.
Negotiated performance targets for first load of a site, subsequent loads, and performance at remote locations.
Recovery, load balancing, and failover strategies.
Customization policies.
Storage limits for content and sites.
How to handle inactive or stale sites.
Multi-language support.
Information accessBe sure to consider access to content when you design your solution and sites. This overlaps with IT Governance as you consider your entire environment. Ask the following questions:
Information Management: Permissions and AudiencesHow do I structure permissions in a site?
How do I target content to specific audiences?Should I use Information Rights Management (IRM) to protect content?
IT Governance: AccessHow do I make this content accessible to external users?
How do I make sure that only people who need access have it?
Integrate your information architecture with your environment's search strategy. Take advantage of Enterprise search features like best bets, people search, and content sources and connectors for external content.
Central published site
Divisional published sites
Group and team sites
Projects and workspaces
My Site Web sites
Typ
ical
de
gre
e o
f go
vern
anc
e
Site types in a typical environment
Determine the rules or policies that you need to have in place for the following types of items:
Pages
Lists
Documents
Records
Rich media
Blogs and Wikis
Anonymous comments
Anonymous access
Terms and term sets
External data
Content needs to be available when users
need it, and where they can get to it.
Shared copies reduce redundancy, and provide one version of the truth.
Availability Redundancy
Access Consider who has access to the content. If it should be secure, is it?
Strictly managed development
Application Management
Customizations must adhere to customization policy, deployments and updates tested and rigorously managed.
Rules about development environments or customizations are
less rigid.
What's the right balance for your organization?
Loosely managed development
Tightly managed Loosely managed
Appropriate for: Structured content High-business-impact content Personally identifiable
information Records
Appropriate for: Low-business-impact content Short term projects Collaboration
I nformation Management
Content is tagged with structured metadata, permissions are tightly controlled, content is archived or purged per retention schedules.
Content is tagged only socially and not tracked; permissions and archiving are not
monitored or managed.
What's the right balance for your organization?
References:• Microsoft SharePoint Team Blog:
http://blogs.msdn.com/SharePoint/archive/2006/12/13/management-and-governance-resources.aspx
• Governance overview(SharePoint Server 2010):http://technet.microsoft.com/en-us/library/cc263356(office.14).aspx
• Plan to share terminology & content types (SharePoint Server 2010):http://technet.microsoft.com/en-us/library/ee519603(office.14).aspx
References (continued):• Managed metadata service application overview
(SharePoint Server 2010):• http://technet.microsoft.com/en-us/library/ee4
24403(office.14).aspx• Managed metadata overview (SharePoint Server
2010):http://technet.microsoft.com/en-us/library/ee424402(office.14).aspx
• Best practices for My Sites:http://technet.microsoft.com/en-us/library/cc262706.aspx
Additional Resources on Social Media• SharePoint 2010 Group on LinkedIn:
– http://www.linkedin.com/groups/SharePoint-2010-1869506?trk=myg_ugrp_ovr
• SharePoint 2013 Group on LinkedIn:– http://www.linkedin.com/groups?gid=3854668&trk=myg_ugrp_ovr
• Twitter Hastags for SharePoint 2010– #sp2010 / #sharepoint / #spsottawa
• 50 Must-Follow Tweeters for SharePoint Enthusiastshttp://www.topsharepoint.com/50-must-follow-tweeters-for-sharepoint-enthusiasts
• Follow Ivor Davies on Twitter– @IvorDavies59
Supplement Example
33
For an example of a “quick guide” for Content Authoring for SharePoint, visit:
http://bit.ly/H03c42
Thank You !@IvorDavies59
Thank you to all of our Sponsors!!
Join us for SharePint today!
Date & Time: Dec 1st, 2012 @6:00 pmLocation: Pub Italia Address: 434 ½ Preston StreetParking: On street with meters $Site: http://www.pubitalia.ca/
Remember to fill out your evaluation forms to win some great prizes!
&