Moss Governance Guidelines


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Moss Governance Guidelines

    1. 1. Guidelines for SharePoint Governance<br />26.april 2009<br />Kjell-Sverre Jerijærvi<br />Microsoft<br />
    2. 2. SharePoint Governance Checklist<br />Always use the checklist guide whitepaper<br />Customers find the guidance very useful, strongly recommended<br />Aspects covered includes<br />Design-time and run-time governance<br />Roles and ownership<br />Information architecture, navigation and findability<br />Branding<br />Infrastructure and operations<br />Testing and development<br />Each checklist has a related tips & information section<br /><br />
    3. 3. Start With Simple Governance<br />Architecture Governance<br />Logical architecture model based on Information Architecture and capacity, sharing and isolation, configurable items, administration, and planning recommendations<br />Farm design<br />Site-collection structure<br />Information asset structure<br />…to create a workable design considering hard and soft limits<br />Adapt governance according to targeted solution<br />SharePoint as an Enterprise 2.0 platform<br />Business applications hosted in SharePoint<br />Push vs Pull:<br />
    4. 4. Start With Simple Governance<br />Required Operational Governance<br />Availability<br />Farm with redundancy<br />Monitoring<br />Backup and Recovery<br />Policies must be defined and enforced<br />Restore specific information assets<br />Tested disaster recovery plan<br />Make sure that complete solution can be restored within allowed time limit<br />
    5. 5. Start With Simple Governance<br />Minimum Governance<br />Site Lifecycle Management (SLM)<br />Policies (owners, free/paid, lifespan, inactivity, deletion, etc)<br />Automation of SLM through site creation wizard and timer jobs<br />Site delete capture<br />Content Type (metadata) definitions<br />Classification of all information assets, from sites to documents<br />At least the “closed” content types (the immutable base metadata)<br />
    6. 6. Start With Simple Governance<br />Optional Governance<br />User Lifecycle Management (ULM)<br />Manage the lifecycle of accounts as people starts, transfers, quits<br />Policies for permissions and ownership of information assets<br />Automation of ULM though partner/open solutions<br />Visibility into usage<br />Visibility into permissions<br />
    7. 7. Site Lifecycle Management<br />Governing Sites from Creation to Deletion<br />SLM policies must be defined and enforced<br />Standard SLM only for site-collections<br />Site use confirmation and deletion<br />Custom Site Creation Wizard<br />Use only if ootb SLM functionality is not sufficient<br />Develop custom wizard to collection data related to SLM<br />Store SLM data in site properties<br />Develop timer job to enforce SLM policies<br />Site Delete Capture<br />Do not rely on database backup to restore deleted sites (backup media retention timespan might be shorter than SLM restore policy timespan)<br />MSIT tool:<br />
    8. 8. User Lifecycle Management<br />Governing Users from Creation to Deletion<br />ULM policies must be defined and enforced<br />Related to information security<br />Information asset permissions must be managed when<br />Account is removed/deleted<br />User transfers to another department<br />Information asset ownership must be managed when<br />Account is removed/deleted<br />User transfers to another department<br />Recommended partner solutions:<br />DeliverPoint<br />ControlPoint<br />
    9. 9. Content Type Governance<br />Using Content Types for Content Classification<br />Always create company specific base content types<br />Use few required metadata fields<br />Use sensible default values where possible<br />Follow “Open/Closed” principle for content type hierarchy<br />Support the Office 2007 Document Information Panel (DIP)<br />Decide and enforce behavior<br />Policies<br />Workflows / Event receivers<br />Information management policies<br />Retention, Auditing, Labeling / barcodes<br />
    10. 10. Document Template Governance<br />Using Templates in Content Types<br />Shared templates<br />Manage and store templates in a central location<br />Do not store templates directly in content types, always reference the central shared templates<br /><br />
    11. 11. List Definition Governance<br />Use Lists Based on Content Types<br />List content<br />Use only a few content types<br />Content types must be cohesive<br />Prefer list views over folders<br />List permissions<br />Prefer using inherited permissions<br />Avoid user item level permissions<br />Content Management<br />Versioning, Check-in/out, Workflows / Event receivers<br />Information Rights Management<br />Policies for usage and access restrictions<br />Information management policies<br />Retention, Auditing, Labeling / barcodes<br />
    12. 12. Search Governance<br />Findability and Information Security<br />Ease of adding information assets to correct location<br />Users should not have to enter a lot of required metadata<br />Users should not have to browse/navigate a lot to store content<br />Task context should deduce location, ref CRM document store<br />Metadata tagging through content types for all findable assets<br />Search scopes<br />Faceted search<br /><br />Information isolation<br />Separate SSP or even separate farms<br />
    13. 13. Permissions Guidance<br />Simple Permissions Policies is More Secure<br />Use SP groups to manage user group memberships<br />Build your SP groups from AD security groups<br />Do not assign permissions to single users, always assign to groups<br />Prefer inherited user groups (role definitions)<br />Prefer inherited permissions (role assignments)<br />Avoid assigning item level permissions<br />Site-collections are preferred permission management boundaries<br />The more diverse and fine-grained permissions assignments you have, the harder it is to know who has access to what – and the more likely it is that there will be information security breaches<br />
    14. 14. Shared Metadata Governance (pre-2010)<br />Metadata across Multiple Site-Collections<br />Metadata<br />Content types with site columns including lookups<br />List definitions<br />Management and distribution from master to applications<br />Reference data<br />Typically values for lookup type site columns<br />Management and distribution from master to applications<br />Always plan and test how to replicate shared metadata across your designed site-collection topology<br />Metadata replication software<br />Custom development<br />Echo or DocAve<br />Look for new functionality in Office 14<br />
    15. 15. Metadata Usage (pre-2010)<br />Open Solutions @ CodePlex<br />Community Kit<br />Social bookmarking<br />Tag cloud<br />Enhanced wiki edition<br />Enhanced blog edition<br />Enhanced discussion board edition<br /><br />Faceted search<br /><br />…and a lot more not related to metadata<br /><br />
    16. 16. Quota Governance<br />SharePoint Administration, SQL Server Monitoring<br />Plan for software boundaries<br /><br />MySite (site-collection)<br />Storage size (default 100MB)<br />Site-Collection<br />Storage size<br />Notification e-mail on size threshold<br />Usage reports<br />Document<br />Upload size (default 50MB, max 2GB)<br />Content Database<br />Recommended max 200GB<br />Recommended max 50.000 site-collections pr DB<br />
    17. 17. Development Governance<br />Design-Time Governance for Upgradability<br />Site Design<br />Use standard site-definitions with feature stapling<br />Avoid custom site-definitions and site-templates<br />Do not use SharePoint Designer, except for prototyping<br /><br />Workflows<br />Do not use SharePoint Designer, except for prototyping<br />Branding<br />Do not use SharePoint Designer, except for prototyping<br />Document Information Panel (DIP)<br />Prefer standard DIPs, avoid customization<br />If customized using InfoPath, all clients must have InfoPath installed to use the customized DIPs<br />
    18. 18. Patterns & Practices SharePoint Guidance<br />Guidance & ReferenceImplementation<br />Helps architects and developers design, build, test, deploy, and upgrade SharePoint intranet applications<br />Demonstrates solutions to common architectural, development, and application lifecycle management challenges<br /><br /><br />