Chicago Code Camp 2014
ALM Practice Manager
Certified Scrum Master
15 years in the software industry
8+ years as an architect, BA, PM, developer, and team lead
5+ years with Microsoft as an ALM evangelist
2+ years with Polaris Solutions as ALM Practice Manager
Shameless self promotion
Polaris Solutions- http://www.polarissolutions.com/
Chicago Visual Studio ALM User Group - http://www.chicagoalmug.org/
Twitter: @OakParkGirl, @ChicagoALM, @TeamPolaris
Blog - http://www.tfswhisperer.com/
TFS Should Be PLANNED to ensure:
Effectiveness – Does it do what you need?
Flexibility – Does it add unjustified overhead?
Scalability – Will it be a bottleneck?
Sub-Team 1 Sub-Team 2
TPC = Collection of *tightly related*
TPC = SQL Database
Can be backed up and restored
Create only as many TPCs as
No sharing of:
Team Project Collections CANNOT be renamed*
Sub-Team 1 Sub-Team 2
Team Project <> “Project”
TP = Logical view of subset of TPC data
Team Projects Contain
1 Process Template
1 commons set of users and roles
1 SharePoint portal (optional)
1 Reports site (optional)
Create only as many TPs as necessary
Work Items, Source Code, Reports, and Queries CAN cross Team Project
BUT… no sharing of:
Work Item Templates and Definitions
Areas and Iterations
Work Items cannot be MOVED to another Team project, only copied
Team Projects CANNOT be renamed
Absolute minimum TFS administration overhead
Easy sharing of code, work items, builds, etc.
Allows for organizational portfolio management in TFS
Great in theory, complicated in practice
Can result in very deep hierarchies of Areas and Iterations
Builds folder may get crowded and unwieldy
All users must agree on a process template (not always easy)
Security can be VERY complex if granular artifact isolation is required
Codebases are being shared Create New TP or Add to Existing TP
Database level artifact isolation required (compliance) New Team Project Collection
Organizational portfolio management needed ONE Team Project
Desire to minimize administration overhead Create New TP or Add to Existing TP
Ability to easily scale due to database growth New Team Project Collection or split TPC
Need to hand off code/project to client New Team Project Collection or split TPC
Need a new process template or SCM (TFGit) New Team Project
Sub-Team 1 Sub-Team 2
Named group of users
Provides narrowed scope for
viewing work items and status
Can be used to secure access to
Team Project artifacts
Each team has their own planning
tools and views
Teams can be categorized into sub-teams
Teams are allocated their own, isolated backlogs
Teams cannot be shared across Team Projects
Teams are flat user lists
>100 users not loaded by Team Explorer you have bigger issues!
Team capacities do not “roll up” automatically to parent teams
Agile, CMMI, Scrum included
Many free 3rd Party options
Customize to match YOUR process
Who is on your team?
What can people do?
How should they do it?
Behind the scenes it’s just a bunch of XML Files
Don’t customize before evaluating OOB first!
Yes you can customize. But SHOULD you?
Keep a “sandbox” TPC for piloting customizations
Keep changes additive whenever possible
Keep customization consistent across Team Projects if possible
Apply an ALM process to releasing and testing customizations
TFS Structure and Anatomy
Managing TFS Templates
Managing TFS Security
Other TFS Admin Tools
Configuration and Maintenance Best Practices
Team Foundation Server Instance
Team Foundation Server Team Collection
Team Foundation Server Team Project
Team Foundation Server Teams
Team Foundation Web Access
SharePoint Site Collection
TFS group security and permissions can be found here: http://msdn.microsoft.com/en-us/library/vstudio/ms252587.aspx
SharePoint security here: http://office.microsoft.com/en-us/sharepoint-server-help/manage-membership-of-sharepoint-groups-HA101794106.aspx?CTT=5&origin=HA101794118
Pre-defined roles for SSRS can be found here: http://msdn.microsoft.com/en-gb/library/ms157363.aspx
TFS Permissions Managed via Admin Console and Web
Permissions Limited to Team Projects
Permissions Inherited via Group Membership
SharePoint Permissions Managed via Central Admin and SharePoint Site Security
Permissions can be scoped to Collection or Site
Permissions Inherited via AD Group Membership
Reporting Permissions Managed via Reports Server Site
Permissions can be scoped to Server or Project Folders
Permissions Inherited via AD and/or SharePoint Group Membership
Yes, there are THREE separate places to manage security!
Permissions are inherited from group membership*.
Permissions can be allow, deny, or “not set”.
For almost all permissions, deny trumps allow*.
If permissions are not explicitly set to allow, they are implicitly denied unless an allow has
been inherited via group membership (“inherited allow”).
If a user belongs to multiple groups, and ANY one group has a specific permission set to
deny, that user will not be able to perform tasks that require that permission.
TFS, TPC, and TP Administrator level permissions CANNOT be edited.
*With build, version control, and work item related artifacts, explicit permissions that are set on a particular object override those that are inherited from the parent
objects. This allows you to do things like allow a user access to a root source control folder, but deny them access to one of that folder’s branches.
TFS Power Tools: TFS extensions for managing TFS resources
and providing advanced capabilities.
CodePlex Add-Ons: community based, often authored by
Microsoft employees, not officially supported
Visual Studio Gallery: similar to CodePlex, officially supported by
Third-Party Plug-ins: usually free, extends TFS capabilities
TFS Power Tools:
TFS Backup and Restore
Check-in Policy Add-on Pack
Best Practices Analyzer
TFS Admin Tool
Team Project Manager
Community Build Manager
Used to be a Power Tool, now an OOB Feature with TFS 2013
Backups up TFS related databases
Nightly, Manual or Custom
Full, Differential, Transactional
Allows for TPC-level Restore
TFS SCM Add-Ons
Work Item Queries
Found in TFS Power Tools:
Work Item Definitions
Open/Edit from file or server
Scan TFS Instance
Hardware AND Software
Detect Security Issues
Lists non-default settings
Detects non-compliance with
Free TFS Analyzer Tool:
View team project activities
View and edit SCM settings
View branch hierarchies
View and edit security group and settings
View and edit build templates
View and edit build definitions
View and edit process configuration
Supports TFS 2008+
Visualization and Admin Add-On for TFS
Plugs right into Visual Studio
Provides additional features around:
Security and Permissions
SCM History and Labels
FREE, yes, I know!