TFS 2013 Care and Feeding


Published on

Best practices and practical advice for setting up a flexible, scalable, and effective TFS environment.

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

TFS 2013 Care and Feeding

  1. 1. Being Ready for the Long Haul Angela Dugan ALM Practice Manager Polaris Solutions
  2. 2. Managing TFS Templates Managing TFS Security Other TFS Admin Tools
  3. 3. TFS Should Be PLANNED to ensure: Effectiveness Flexibility Scalability
  4. 4. TF Server Project Collection 1 Team Project C Master team Sub-Team 1 Sub-Team 2 Project Collection 2 Team Project A Team Project B Web Team Mobile Team
  5. 5. TPC = Collection of *tightly related* Team Projects TPC = SQL Database Can be backed up and restored individually TPCs are a Hard Boundary for Sharing and Visibility! Create only as many TPCs as absolutely necessary
  6. 6. No sharing of:  Work Items  Source Code  Queries  Reports  Build Controllers Team Project Collections CANNOT be renamed*
  7. 7. TF Server Project Collection 1 Team Project C Master team Sub-Team 1 Sub-Team 2 Project Collection 2 Team Project A Team Project B Web Team Mobile Team
  8. 8. Team Project <> “Project” TP = Logical “view” of data Team Projects Contain 1 Process Template 1 set of Roles/Permissions 1 SharePoint portal (optional) 1 Reports site (optional) Create only as many TPs as necessary
  9. 9. TPs can be broken into “Teams” Work Items Visible Across TPs Source code Visible Across TPs Reports Scoped Across TPs Queries Scoped Across TPs No ability to backup and restore*
  10. 10. No sharing of:  Work Item Templates and Definitions  Work Item Categories  Build Definitions  Areas and Iterations  Work Items cannot be MOVED to another Team project Team Projects CANNOT be renamed
  11. 11. Consideration Recommendation Codebases are being shared New or Same Team Project Database level artifact isolation required New Team Project Collection Organizational portfolio management needed ONE Team Project Desire to minimize administration New or Same Team Project Ability to easily scale due to database growth New Team Project Collection Need to hand off code/project to client New Team Project Collection Need a new process template or SCM (TFGit) New Team Project
  12. 12. Absolute minimum TFS administration overhead Easy sharing of code, work items, builds, etc. Allows for organizational portfolio management in TFS Great in theory, complicated in practice Very deep hierarchies of Areas and Iterations Builds folder may get unwieldy All users must agree on a process (not always easy) Security can be VERY complex if isolation is required
  13. 13. TF Server Project Collection 1 Team Project C Master team Sub-Team 1 Sub-Team 2 Project Collection 2 Team Project A Team Project B Web Team Mobile Team
  14. 14. Named group of users Provides narrowed scope for viewing work items and status Can be used to secure access to Team Project artifacts Each team has their own planning tools and views
  15. 15. Areas used to categorize WIT Map to Teams Control Content on Team Backlogs User Defined Securable
  16. 16. Used to Schedule WIT Attach to Product & Sprint Backlogs Map to Backlogs User Defined Securable
  17. 17. Pros  Teams can be categorized into sub-teams  Teams are allocated their own, isolated backlogs Cons  Teams cannot be shared across Team Projects  Teams are flat user lists  >100 users will not be loaded by Team Explorer
  18. 18. Managing TFS Templates Managing TFS Security Other TFS Admin Tools
  19. 19. Agile, CMMI, Scrum included Many free 3rd Party options Customize to match YOUR process Defines: Who is on your team? What can people do? How should they do it?
  20. 20. Behind the scenes it’s just a bunch of XML
  21. 21. Work Item Type Definitions Work Item Categories Work Item Links Queries Reports Lab Settings Build Settings Portal Settings Process Guidance Source Control Settings
  22. 22. Backlog Work Item Types Quick-Add Settings Default Columns & Widths Feedback Work item attributes Work Item Categories Meta-states Weekend days Work Item Colors
  23. 23. Don’t customize before using OOB first! Yes you can customize. But SHOULD you? Keep changes additive whenever possible Don’t customize only at the Team Project level (or be prepared for large consulting bills at upgrade time) Keep a “sandbox” TPC for piloting customizations Apply a dev process to releasing and testing customizations Always version your changes in SCM
  24. 24. Checkout template artifacts being edited Download core template (unless change is specific to TP) Edit template items If editing on server using Power Tools, make sure to export change to local copy of process template Upload changes to sandbox Team Project and verify Upload change to “production” Team Project and verify Upload Process Template to TPC (overwrite existing) Check in template
  25. 25. TFS Structure and Anatomy Managing TFS Templates Managing TFS Security Other TFS Admin Tools Configuration and Maintenance Best Practices
  26. 26. Team Foundation Server Instance Team Foundation Server Team Collection Team Foundation Server Team Project Team Foundation Server Teams Team Foundation Web Access SharePoint Site Collection SharePoint Sites Reports Server TFS group security and permissions can be found here: SharePoint security here: Pre-defined roles for SSRS can be found here:
  27. 27. TFS Permissions Managed via Admin Console and Web Permissions Limited to Team Projects Permissions Inherited via Group Membership SharePoint Permissions Managed via Central Admin and SharePoint Site Security Permissions can be scoped to Collection or Site Permissions Inherited via AD Group Membership Reporting Permissions Managed via Reports Server Site Permissions can be scoped to Server or Project Folders Permissions Inherited via AD and/or SharePoint Group Membership
  28. 28. Permissions are usually* inherited from group membership. Permissions can be allow, deny, or “not set”. For almost all permissions, deny trumps allow. If permissions are not explicitly set to allow, they are implicitly denied unless an allow has been inherited via group membership (“inherited allow”). If a user belongs to multiple groups, and ANY one group has a specific permission set to deny, that user will not be able to perform tasks that require that permission (“inherited deny”). TFS, TPC, and TP Administrator level permissions CANNOT be edited. *With build, version control, and work item related artifacts, explicit permissions that are set on a particular object override those that are inherited from the parent objects. This allows you to do things like allow a user access to a root source control folder, but deny them access to one of that folder’s branches.
  29. 29. Area: Area-level permissions are specific to a single project's users and groups. Iteration: Iteration-level permissions are specific to a single project's users and groups. Work Item Query: Work item query permissions are specific to the queries and query folders that you create. You can set permissions on queries and folders that are created under Team Queries to enable or restrict access. Build: Build-level permissions are specific to a single project's users and groups. You can set build permissions at the team project level, and you can also set permissions for specific build definitions (ex: locking down production deployment build scripts). Version Control: Version control permissions are specific to source code files and folders. Team: When a team is created, the team group is added to the TFS “Contributors” group for the team project, by default. So when you add a team member, that person is also added to the Contributors group by virtue of being a member of your team.
  30. 30. Managing TFS Templates Managing TFS Security Other TFS Admin Tools
  31. 31. Now an OOB Feature with TFS 2013 Backups up any/all TFS related databases Nightly, Manual or Custom Full, Differential, Transactional Allows for TPC-level Restore Notifications Available
  32. 32. TFS Power Tools: TFS extensions for managing TFS resources and providing advanced capabilities. CodePlex Add-Ons: community based, often authored by Microsoft employees, not officially supported Visual Studio Gallery: similar to CodePlex, officially supported by Microsoft Third-Party Plug-ins: usually free, extends TFS capabilities
  33. 33. TFS Power Tools: Check-in Policy Add-on Pack Process Editor Best Practices Analyzer CodePlex/VS Gallery TFS Admin Tool Team Project Manager Community Build Manager Third-Party Tools Attrice Sidekicks Other - TFS Operational Intelligence Reporting
  34. 34. Add-Ons Code Analysis Custom Path Forbidden patterns Work Item Queries Found in TFS Power Tools: 17b10c-02b4-4d6d-9845-58a06545627f
  35. 35. Import/Export/Manage: Work Item Definitions Workflow Form Layout Global Lists Open/Edit from file or server Found in TFS Power Tools: 7b10c-02b4-4d6d-9845-58a06545627f
  36. 36. Scan TFS Instance Hardware AND Software Detect Security Issues Lists non-default settings Detects non-compliance with best practices Recommends remediation
  37. 37.
  38. 38. Free TFS Analyzer Tool: View team project activities View and edit SCM settings View branch hierarchies View and edit security group and settings View and edit build templates View and edit build definitions Compare templates View and edit process configuration
  39. 39.
  40. 40. Visualization and Admin Add-On for TFS: Workspaces Security and Permissions Code Review SCM History and Labels
  41. 41. Activity Log Every command that every user has executed against TFS for the last 14 days. TFS Job Monitoring TFS Background Job Agent schedules and queues jobs within TFS Total Run Time - How long jobs take to Execute Number of Jobs Run - Number of times jobs are run and status Average Run and Queue Time - Number of jobs executing at a particular time, average time that they waited in the queue, and average run time Job Queue - which jobs are currently queued, their priorities and when they are expected to start.
  42. 42. Managing TFS Templates Managing TFS Security Other TFS Admin Tools
  43. 43. Follow recommended hardware and software guidelines: Don’t skimp on hardware if you don’t have to!
  44. 44. Apply all security updates. ‘Critical’ updates should be applied within 48 hours Be on the latest TFS release Be on the latest edition of SQL that is supported by the TFS version. Be on Enterprise edition for high-scale environments. Be on the latest OS release supported by the combination of SQL + TFS Be on the latest supported drivers for your hardware
  45. 45. Collect a performance baseline for a representative period of time • Helps to identify bottlenecks • Serves as a useful diagnostics tool in the future • A collection over a 24 hour period on a weekday @ 1-5min intervals to a local file should be sufficient. Don’t know which counters to collect? Download the PAL tool and look at the “threshold files” for “System Overview” on all your servers, “SQL Server” on your data tier servers, and "IIS" and ".NET (ASP.NET)" for your application tier servers.
  46. 46. Ensure antivirus exclusions are correct for TFS, SQL and SharePoint (KB2636507) Ensure firewall rules are correct Ensure page file settings are configured for an appropriately sized disk Ensure memory dump settings are configured for Complete memory dump Don’t run SQL or TFS as a local administrator
  47. 47. For HA scenarios, configure 2+ application tiers in a load balanced configuration Ensure that SQL Page Compression is enabled for up to a 3X storage reduction on tables other than tbl_Content (if running on SQL Enterprise or Data Center Edition) Check that SOAP gzip compression is enabled (vastly improved user experience response times for work item operations) Disable / monitor the IIS Log files so they don’t fill the drive: %windir%system32inetsrvappcmd set config - section:system.webServer/httpLogging /dontLog:"True" /commit:apphost
  48. 48. Change the TFS App Pool Idle Timeouts from 20 minutes to 0 and disable scheduled recycling to prevent app-pool recycle during business hours Implement a TFS Proxy Server and make sure people use it Especially impactful for build server! Even if no users are remote it reduces the requests/sec load on the ATs Enable SMTP settings and validate that they work (we commonly see issues where SMTP server won’t relay as the TFD service account) Set TFS’s NotificationJobLogLevel = 2 to get full errors for any event notification jobs that fail
  49. 49. Periodically run the BPA included with the Team Foundation Server Power Tools. Periodically review the activity log and job monitoring sections of the TFS “Operations Interface” at http://yourserver:8080/tfs/_oi/ Check for heavy users using Execution Time reports from the Performance report pack and tbl_Command in the TPC databases. Check build retention policies to ensure stale build logs and results and drops are being cleaned up. Clean-up tbl_Content by running the Test Attachment Cleaner tool. Clean-up unused workspaces and shelvesets. (Workspace and Shelveset sidekicks rock for this!)
  50. 50. Clean-up unused work item tracking fields (witadmin listfields /unused). Check Cube and Warehouse health using Admin report pack. Check work item tracking metadata size, and clean up constants / global list sizes (automatic cleanup in 2012.2). Look at the file/folder sizes in %localappdata%MicrosoftTeam Foundation4.0Cache. Evaluate work item tracking fields that are set to reportingtype=’dimension’. Do they really need to be in the cube? If not, set them to ‘detail’ Evaluate if you have custom work item tracking fields that are used in many work item queries and would benefit from being indexed. (witadmin indexfield /index:on). Check tbl_EventSubscriptions for invalid email and SOAP subscriptions. Use TFS 2012 web access as an admin to view ‘All Alerts’ and delete them
  51. 51. Monitor disk space usage on the build agents Monitor queue time for the builds, spin up more agents as needed Clean up the Builds folder on build agents to remove old workspaces Backup the Symbols share regularly Backup the Builds Drop folder regularly Exclude Builds, Symbols, Drop, Team Explorer Cache from Anti- virus real time scanning TFS Build Manager Extension: 8e7f-1c678e46557f