Creating a well-constructed governance plan is a core task for any organization looking to establish a well-controlled SharePoint deployment, but it is just the beginning.
Emphasis here on communication and accountability. Governance is the set of policies, roles, responsibilities, and processes that guides, directs, and controls how an organization's business divisions and IT teams cooperate to achieve business goals. Regardless of what gets documented for the organization, the question of “What’s possible” (technology) is key. We are writing specific governance plans for a technology, so knowing what to enforce is key. Does this sound like you? Anonymous AvePoint customer quote: "We have a lot of great standards that people don't really want to follow."
This spectrum applies to all phases of governance we are talking about today: IT Governance, Information Governance, and Application Lifecycle Management (very restricted is easy out of the box; we need a perfect mix).
Today we are looking at a spectrum for each area of governance:
1. Few restrictions, everyone has access (i.e., SharePoint Designer) – typical sayings are “I can’t find anything,” “It’s so slow,” “UX varies from site to site,” “everyone has access to things they shouldn’t.”
2. Restricted: “It’s a file share,” “It’s ugly,” “Nobody has access,” “Red tape to get anything done.”
Depending on how regulated you are, you may not have a choice which route to go in! Hosting service providers, PR / Advertising companies with competing accounts, restricted R&D, “ethical walls.”
When is the right time? We see most lines of business within organizations progressing in this sequence. We’re focusing today on how to introduce governance for each of these areas, because it’s never too late to start!
Our focus today is on a subset of these categories, drawing on the major themes above. IT Assurance for the platform, services, content, etc. Information Governance for managing collaboration
Progression from Manual to Automated, again back to the technology of Governance. We are only implementing a solution as strong as our enforcement.
SharePoint’s grassroots adoption vs. the liability that it causes is an important question. How many people have used SharePoint to manage a project because it was simple to set up a site and manage it through to completion? What about Office 365 governance, who is managing that?
For IT governance, you can control the services that you offer, and you can control or track software installations in your environment to prevent proliferation of unmanaged servers for which you can't provide support. What will you provide with each service, and what will you include in service-level agreements for each service?
When you develop an IT service to support SharePoint 2010 Products, a key to success is your enterprise's ability to govern the service and ensure that it meets the business needs of your organization in a secure and cost-effective way. A successful IT service includes the following elements:
• A governing group defines the initial offerings of the service, defines the service's ongoing policies, and meets regularly to evaluate success.
• The policies you develop are communicated to your enterprise and are enforced.
• Users are encouraged to use the service and not create their own solutions – installations are tracked.
• Multiple services are offered to meet different needs in your organization. Offering a set of services enables you to apply unique governance rules and policies at various levels and costs.
One size does not fit all. Different types of sites frequently require different governance policies. Typically, published sites have tighter governance over information and application management than team sites and My Site Web sites.
Each type of site should have a specific IT Service plan, so that the service level agreements match the importance of the site to the organization as a whole.
Note the audiences here, and what each of these site types is meant for: the level of governance is proportionate to the size of the audience the content is meant for.
• Quotas – Quota templates define how much data can be stored in a site collection and the maximum size of uploaded files; this is management at the onset of content.
• Site lifecycle management – You can govern how sites are created, the size of sites, and the longevity of sites by using self-service site management and site use confirmation and deletion. Set expiration and access policies to control content in sites.
• Asset classification – Classify sites and content by value and impact of the content to the organization (such as high, medium, or low business value/impact). Classification then controls other behaviors, such as requiring encryption for high business impact information.
• Infrastructure policies could include data protection, SQL Server or DB sizing, etc. – Vary the level of data protection that you offer based on service levels. Plan the frequency at which you back up the farms and the response time that you will guarantee for restoring data.
• Security, infrastructure, and Web application policies – how are the system and infrastructure maintained, and who has access at what levels? Are you controlling use of fine-grained permissions?
All dictated by our SLA.
Object Model Override – as described above, this option needs to be enabled in order to enable super users to retrieve items through the object model, up to the amount defined in the List query size threshold for auditors and administrators.
We need to establish a benchmark for how we will check and enforce the policies and SLAs. The goal here is to find outliers, to see whether we’re meeting these plans, and whether adoption is going up. Shown on the left are examples of monitoring available in SharePoint; on the right, in DocAve.
Our environment today is a single-farm deployment of SharePoint, using multiple web applications to simulate multiple farms. DocAve version 6 (currently being showcased at AvePoint’s booth) is the tool of choice for our examples.
Information management is the governance of information in an enterprise — its documents, lists, Web sites, and Web pages — to maximize the information’s usability and manageability. Another aspect of information management is determining who has access to what content – how are you making content available internally and externally and to whom?
Proliferation
Being too open can often lead to madness within SharePoint, and you’ll end up with sites upon sites where the content could have been placed in existing areas. The number of sites will rapidly outgrow the number of users.
SharePoint URLs are long and hard to remember, and everyone has their own naming standard for site URLs.
Navigation
Build in some basic pillars for people to create content in and make it obvious where sub sites should be created.
This is important because the management controls will sometimes determine elements of information architecture: the levels at which the various options required to support the business need can be controlled. For example, uploading large documents or blocking certain file types has to be controlled at the web application; if you only want that functionality for specific departments or use cases, that might require a new web application.
These are the components of information architecture. All of this helps determine how you manage data and how your users find, interact with, and leverage it. Planning for these components can ultimately simplify management, and the application of policies can be drastically simplified: for instance, information management policies, auditing, etc. can all be enabled per content type.
Be sure to consider access to content when you design your solution and sites. This overlaps with IT Governance as you consider your entire environment.
When thinking about content, consider the balance between the following factors, and perhaps have business users fill out an assessment for their site. Which of these factors is the highest priority for each type of content?
• Availability: available when users need it (can get to it) – so where will content be located? In what geography should we locate the data? Do we need to provide mobile access to this content?
• Access: who has access to the content? If it should be secure, is it? How are we ensuring that is the case? Weekly security audits required? Ongoing monitoring of users?
• Redundancy: Do we really need another site, or more content? Have we considered shared sites or resources or copies to reduce redundancy, and provide one version of the truth?
For example, having a single copy of a document is good for reducing redundancy, but it is a problem for availability and access if it is deleted. What steps need to happen when a list item, document, or page is created, updated, or deleted and who gets affected? Introduce a site contact to speak for the business. For best results, develop a long term solution with them, rather than a temporary solution.
Much of the balancing act on the previous slide should be covered by your document and records management plans, but also consider the storage costs for the content. Understand the capacity planning limits for documents and items, and keep performance and scale in mind.
• Migration & Planning: onboarding potentially different systems, such as file share to SharePoint. Have users been educated on how content is tagged, and how permissions will work? Have we assessed the changing taxonomy of bringing over other ECM data?
• Storage decisions for the life of content, which could include geography (cloud), retention (WORM), or even availability (redundancy).
• Plan for expiration of content today. Content curves are exponential, but as a major financial customer asked AvePoint: “How do we get to the point where I no longer have to purchase new hardware for SharePoint?” Governance helps us dictate the lifecycle of content, including death.
• Use workflows and approval for document centers and site pages – wherever official documentation is stored.
• Use approval for published Web sites to control pages.
• Use version history and version control to maintain a history and master document.
• Use content types with auditing and expiration for document libraries to manage document lifecycle.
• Manage uploads to large libraries by using the Content Organizer.
• Use site use confirmation and deletion to manage site collection lifecycles.
• Identify important corporate assets and any sites that contain personally identifiable information – be sure that they are properly secured and audited.
• Use Records Centers to store, audit, and control records in compliance with regulations or laws.
SharePoint’s third phase of growth, as an application development platform, also requires another analysis on our Governance spectrum. The same way we have tried to find a balance between the business and what services IT can offer, we must consider the IT Assurance and other governance aspects again!
Development Lifecycle for SharePoint 2010 at: http://go.microsoft.com/fwlink/?LinkId=200174.
Follow these best practices to manage applications that are based on SharePoint 2010 Products throughout their lifecycle:
• Use separate development, pre-production, and production environments (see Deployment model) and keep these environments in sync.
• Test all customizations before the initial release, and again after any updates, before you release them to your production environment.
• Use source code control and solution and feature versioning to track changes to code.
Combining best practices from Microsoft, with service agreements (plans built in DocAve)
Given back to the business at a value. AvePoint won’t provide the billing mechanism for you, but gives you the tools you need to establish a full SLA, defined in an automated interface.
Automation gives you the chance now to specify how sites may be created!
AvePoint Corporate Overview
• Founded and Debuted in 2001
• World's Largest SharePoint-Exclusive Research & Development Team with 1,000 Employees (600+ in R&D)
• World's Largest Provider of Enterprise-Class Governance and Infrastructure Management Solutions
• 25 Offices, 13 Countries in 5 Continents & 8000+ Customers
• Depth-Managed, Microsoft Certified Partner
• Comprehensive SharePoint Governance & Management Platform
• Offering True 24 x 7 Support - Microsoft Certified Technicians
(Slide labels: Specialized, Experienced, Invested)
Agenda
• Definition and Purpose of Governance
• SharePoint Governance Challenges
  – IT Governance
  – Information Governance
  – Application Management
• What does SharePoint Governance look like?
• Final Considerations
What is governance?
Governance defines the processes, people, policies and technologies that deliver a service.
Introducing a Governance Plan
(Diagram labels: Integration, Applications, Collaboration, Content)
Today’s Focus Areas for SharePoint Governance
• IT Governance: governance of the software itself and the services you provide
• Information Governance: governance of the content and information that users store in those services
• Application Management: governance of the custom solutions you provide
Getting the right tools for the job… (spectrum: Manual to Automated)
• Standard administration interfaces
  – Quotas, locks, permissions, records management
• PowerShell
  – Administrative functions, Data protection
• SharePoint services and features
  – Managed metadata service for classification
  – ISV solutions for management
• SharePoint Designer, Visual Studio
IT Governance
Centrally Managed: Software, Services, and Sites are hosted and managed centrally by a core IT group.
Locally Managed: Software, Services, and Sites are hosted and managed locally by individual groups.
A successful IT service includes the following elements:
• A governing group defines the initial offerings, policies, and evaluates success of the service
• The policies you develop are communicated to your enterprise and are enforced
• Users are encouraged to use the service and not create their own solutions – installations are tracked
• Multiple services are offered to meet different needs in your organization
What to govern in SharePoint?
• Best Practices: Quotas and Limits
• Content: Site lifecycle management
• Social or not?
• Asset classification
  – Impact = Exposure: If this leaks, will it hurt my business?
  – Value = Availability: If this isn’t available, can my business run?
• Security, Infrastructure and Web Application policies
• Service Level Agreement
Service-level agreements should include:
• Length of time and approvals necessary to create a site.
• Costs for users/departments.
• Operations-level agreement – which teams perform which operations and how frequently.
• Policies around problem resolution through a help desk.
• Negotiated performance targets for first load of a site, subsequent loads, and performance at remote locations.
• Availability, recovery, load balancing, and failover strategies.
• Customization policies.
• Storage limits for content and sites.
• How to handle inactive or stale sites.
Throttling and Limits
Function | Limit | Configurable
List View Threshold | 5,000 (20,000 for admins & auditors) | Yes, Central Admin/web App Settings
List View Lookup | 8 | Yes, Central Admin/web App Settings
Allow Object Model Override | On by default | Yes, Central Admin/web App Settings
Daily time window | None | Yes, Central Admin/web App Settings
Indexes Per List | 20 | No
Unique Permissions | 50,000 | Yes, Central Admin/web App Settings
SharePoint Workspace | 30,000 | No
Social
Social Feature | Benefits | Considerations
Tagging | Navigation, Search, Personal | Content Control, Security, Search
Note Board | Quick communication | Content Control, Security, Search
Ratings | Feedback | Usage
Bookmarklets | Quick and easy links | External links
Expertise | Find people | Examples, Privacy, Content Control
Profiles | Additional Info | Privacy, Content Control
Blogs | Knowledge Transfer | Corporate Policy
Wikis | Knowledge Transfer | Performance and Policy
Discussion Boards | Knowledge Transfer | Moderation and Policy
Reports and Inventory of Usage
• Web Analytics Reporting
  – Traffic
  – Search
  – Inventory
• PowerShell
• Inventory
  – Sites
  – Quotas
  – Content Types
  – Branding
  – Customizations
  – Security
Simplifying IT Governance Implementation with Technology
• Centrally enforce limitations – plans and policies for
  – Data Protection, Recovery, and Availability
  – Audit Policies
  – Permission management
• Scalability in Management – Giving IT Teams the technology to manage
  – thousands of users
  – Terabytes of Content
  – Millions of Audit Records
• May need to consider 3rd party products
Information Governance
Loosely Managed: Content is tagged only socially and not tracked; permissions and archiving are not controlled or managed.
Appropriate for:
• Low-business-impact content
• Short-term projects
• Collaboration
Highly Restricted: Content is tagged with structured metadata, permissions are tightly controlled, content is archived or purged per retention schedules.
Appropriate for:
• Structured content
• High-business-impact content
• Personal identifiable information
• Records
Information Governance Challenges
Proliferation
Information Architecture vs. Management
Information Architecture
• Organize and describe content
  – Metadata
  – Structure
  – Relationships
• Inputs
  – Knowledge Management team
  – Librarians
  – Content owners
  – Subject matter experts (SMEs)
• Outcomes
  – Site map (navigation)
  – Taxonomy
  – Search
  – Targeting (audiences)
Management
• Manage the content & service
  – Access levels (permissions)
  – Lifecycle
  – Storage
• Inputs
  – Information management policies
  – IT usage policies
  – Regulatory environment
  – SLAs
• Outcomes
  – Access levels
  – Records management
  – Compliance
  – Performance
Information Architecture
(Diagram labels: Wireframe & Site Map, Search & Navigation, Managed Metadata, Content Types)
Management controls and scopes
(Diagram labels: Farm, Service Application, Zone, Web Application, Content DB, Site collection, Top-level site, Sub site, List/Library, Sub site, [Folder], Item / Document)
Questions to ask when designing a site or solution:
• How will the site or solution be structured and divided into a set of site collections and sites?
• How will data be presented?
• How will site users navigate?
• How will search be configured and optimized?
• Is there content you specifically want to include or exclude from search?
• What types of content will live on sites?
• How will content be tagged and how will metadata be managed?
• Does any of the content on the sites have unique security needs?
• What is the authoritative source for terms?
• How will information be targeted at specific audiences?
• Do you need to have language- or product-specific versions of your sites?
Information Access
Information Management: Permissions and Audiences / IT Governance: Access
• How do I structure permissions in a site?
• How do I target content to specific audiences?
• How do I make this content accessible to external users?
• Should I use Information Rights Management (IRM) to protect content?
• How do I make sure that only people who need access have it?
Determine the rules or policies that you need to have in place for the following types of items:
• Pages
• Blogs and Wikis
• Lists
• Anonymous comments
• Documents
• Anonymous access
• Records
• Terms and term sets
• Rich media
• External data
Information Assessment
(Diagram labels: Availability, Redundancy, Access)
Information Lifecycle Management
(Diagram labels: Birth, Life, Rest)
Information Management
Keep content ‘clean’, enable auditing, restructure as you grow
SharePoint 2010 IM: In Place Records
• Lock down documents, pages, and list items without an archive
• Declare items records in bulk
• Lock down non-document content, like wikis
In Place Records & Policies
• Create separate retention schedules for records
• Different policies for records
• Schedule declaration as part of lifecycle policy
Application Management
Strictly Managed: Customizations must adhere to customization policy, deployments and updates tested and rigorously managed.
Loosely Managed: Rules about development environments or customizations are less rigid.
Determine customization types you want to allow, and how to manage them:
• Service level descriptions
• Processes for analyzing customizations
• Process for piloting and testing customizations
• Guidelines for packaging and deploying customizations
• Guidelines for updating customizations
• Approved tools for development
• Who is responsible for ongoing code support
• Specific policies regarding each potential type of customization (done through the UI or SD)
Customizations & Branding
• Isolate custom solutions: Sandbox Solutions
  – Cannot use certain computer and network resources
  – Cannot access content outside the site collection they are deployed in.
  – Can be deployed by a site collection administrator.
  – Governed: only a farm administrator can promote a sandboxed solution to run directly on the farm in full trust.
• Master Pages and Page Layouts
• Themes
• To “Designer” or not to “Designer”
• Separate development, pre-production, and production environments (keep these environments in sync)
Governance Plans
Quotas | Customizations | Information
10 GB | SP Designer | Ownership
50 GB | Site Galleries | Content Types
100 GB | Sandbox Solutions | Ethical Walls

Backup | Storage | InfoMgmt | Auditing
1 hour | Tier 1 – SAN | 7 years | Full Audit
1 day | Tier 2 – NAS | 3 years | Views + Edits
1 week | Tier 3 – Azure | 1 year | Views
SharePoint Policy Bundles
Setting | Gold | Silver | Bronze
Backup | 1 hour | 1 day | 1 week
Storage Policy (RBS) | Tier 1 – SAN | Tier 2 – NAS | Tier 3 – Azure
Info Mgmt Policies | 7 years | 3 years | 1 year
Auditing | Full | View + Edits | Views
SharePoint Designer | Enabled | Disabled | Disabled
Content Database | Isolated DB | Shared | Shared
Sandboxed Solutions | Enabled | Disabled | Disabled
Quota | 100 GB | 50 GB | 10 GB
Cost | $$$$$$ | $$$$ | $$
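One way to turn the Gold/Silver/Bronze bundles above into an enforceable check is to compare a site inventory against them and report the outliers. This is an added example, not code from the original deck or from DocAve: the inventory field names, the example URLs, the 90% storage warning threshold, and the reading of the backup interval as a maximum age of the last backup are all assumptions.

```python
from dataclasses import dataclass

# Settings per bundle, taken from the policy bundle table above.
BUNDLES = {
    "Gold":   dict(quota_gb=100, backup_hours=1,   audit="Full",
                   designer=True,  sandbox=True,  isolated_db=True),
    "Silver": dict(quota_gb=50,  backup_hours=24,  audit="View + Edits",
                   designer=False, sandbox=False, isolated_db=False),
    "Bronze": dict(quota_gb=10,  backup_hours=168, audit="Views",
                   designer=False, sandbox=False, isolated_db=False),
}
# Audit levels ordered from least to most coverage.
AUDIT_RANK = {"Views": 1, "View + Edits": 2, "Full": 3}

@dataclass
class Site:
    """One row of a site collection inventory (hypothetical field names)."""
    url: str
    bundle: str
    quota_gb: float            # configured quota; 0 means no quota set
    used_gb: float
    audit: str
    designer: bool             # SharePoint Designer allowed
    sandbox: bool              # sandboxed solutions allowed
    isolated_db: bool          # site collection has its own content database
    hours_since_backup: float

def audit_site(site: Site) -> list[str]:
    """Return the ways a site deviates from the bundle it was provisioned under."""
    policy = BUNDLES.get(site.bundle)
    if policy is None:
        return [f"unknown bundle {site.bundle!r}: site is ungoverned"]
    findings = []
    if site.quota_gb == 0:
        findings.append("no storage quota set")
    elif site.quota_gb > policy["quota_gb"]:
        findings.append(f"quota {site.quota_gb:g} GB exceeds {policy['quota_gb']} GB")
    elif site.used_gb > 0.9 * site.quota_gb:  # 90% threshold is an assumption
        findings.append(f"storage at {site.used_gb / site.quota_gb:.0%} of quota")
    if AUDIT_RANK.get(site.audit, 0) < AUDIT_RANK[policy["audit"]]:
        findings.append(f"auditing {site.audit!r} below required {policy['audit']!r}")
    if site.designer and not policy["designer"]:
        findings.append("SharePoint Designer enabled but bundle disables it")
    if site.sandbox and not policy["sandbox"]:
        findings.append("sandboxed solutions enabled but bundle disables them")
    if policy["isolated_db"] and not site.isolated_db:
        findings.append("bundle requires an isolated content database")
    if site.hours_since_backup > policy["backup_hours"]:
        findings.append(f"last backup {site.hours_since_backup:g} h ago, "
                        f"target is {policy['backup_hours']} h")
    return findings

def audit_inventory(sites: list[Site]) -> dict[str, list[str]]:
    """Map each non-compliant site URL to its findings (the outliers)."""
    report = {s.url: audit_site(s) for s in sites}
    return {url: f for url, f in report.items() if f}

# Constructed sample inventory, not real data.
SAMPLE = [
    Site("https://intranet.example/sites/finance", "Gold", 100, 42, "Full",
         True, True, True, 0.5),
    Site("https://intranet.example/sites/sales", "Silver", 50, 48, "Views",
         True, False, False, 30),
    Site("https://intranet.example/sites/adhoc", "Bronze", 0, 3, "Views",
         False, False, False, 200),
    Site("https://intranet.example/sites/legacy", "Platinum", 10, 1, "Full",
         False, False, False, 1),
]
```

Calling `audit_inventory(SAMPLE)` returns findings for the sales, adhoc and legacy sites and nothing for finance, which matches its Gold bundle.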
Service Request Types – Surfacing Options to Content Owners and Business Users
• Site Collection Request
• Transfer / Clone User Request
• Site Collection Content Lifecycle Request
• Sub-site Request
• Content Move Request
• Solution Package Deployment Request
• Gallery Artifact Deployment Request
• Recover Content Request
• Report Request
Service Request Type - Site Collection Request
Field | Sales | HR | Project
Policy | Silver | Silver, Bronze | Gold, Silver
Security | Sales Management | HR Management | Marketing Management
Site Templates | Custom Sales Template | Enterprise Wiki | Team Site, Publishing Site
Service Type Metadata | Acct Type: EPG/SMB/FIN | |
Workflow | 1 Step | 3 Step | 2 Step
Global Metadata | Location | Location | Location
Primary/Secondary Site Contact | *Fill in the blank* | *Fill in the blank* | *Fill in the blank*
Governance and Training
• Governance doesn't work without user adoption and compliance.
• End-user training and education, good content, and search are keys to user adoption.
• Document governance plan.
Governance Stakeholders
Form and use a governance group to create and maintain the policies and include the following roles:
• Information architects or taxonomists
• Compliance officers
• Influential information workers
• IT technical specialists
• Development leaders
• Trainers
• IT managers
• Business division leaders
• Financial stakeholders
• Executive stakeholders
Key takeaways
• Governance is there to ensure IT solutions achieve business goals
• Start simple
• Training
• Keep it fresh
• Don’t have a policy unless you can enforce it
Contact
AvePoint
• Phone: (201) 793-1111, 1-800-661-6588 (toll-free)
• Email: firstname.lastname@example.org
• Social & Community: www.DocAve.com, http://www.facebook.com/AvePointInc, @AvePoint_Inc
Tony Coppa
• Slides: www.slideshare.net/mlmackie
• Email: email@example.com