So you've heard about "Governance" from all angles in the SharePoint community-the fact that you need "People" to define "Policies", but what Processes are actually required to bring this to fruition? This session will discuss how to bring these three P's together by enforcing established Policies through Processes built using out-of-the-box SharePoint by the People (SharePoint IT Administrators and Site Owners). The session will cover what is feasible using native SharePoint 2010 functionality, and what to watch for to ensure you are planning for common challenges customers face.
2. AvePoint: Who We Are
Global Leader -- Microsoft® SharePoint Infrastructure Management
“Clearly AvePoint is making the most of both Microsoft technology and the Microsoft
Partner Network in its quest to create a profitable business.”
– Jon Roskill, Microsoft Corporate Vice President, Worldwide Partner Group
3. Session Objectives and Takeaways
• Definition and Purpose of Governance
• SharePoint Governance Challenges
– IT Governance
– Information Governance
– Application Management
• What does SharePoint Governance look like?
– Out of the box capabilities
– When to think about additional technology options
• Final Considerations
4. Key Players of Governance
People
Policy Process
Technology
6. Key Policy Areas of Governance
Project
IT Assurance
Governance
Technology &
Information
Business
Governance
Alignment
Continuous
Improvement
http://www.21apps.com/governance/sharepoint-governance-3-0/
8. Today’s Focus Areas for SharePoint Governance
IT governance of the
software itself and the
services you provide
IT Information Information governance
Assurance Governance
of the content and
information that users
store in those services.
Application Application governance
Management
of the custom solutions
you provide
10. Getting the right tools for the job…
• Standard administration
interfaces
– Quotas, locks, permissions,
records management
• Powershell
– Administrative functions,
Data protection
• SharePoint services and
features
– Managed metadata service
for classification
– ISV solutions for
management
Manual
• SharePoint Designer, Visual Automated
Studio
11. What to govern in SharePoint?
• Best Practices: Quotas and Limits
• Content: Site lifecycle management
• Social or not? Impact = Exposure Value = Availability
If this leaks, will it hurt If this isn’t available,
Asset classification my business? can my business run?
• Security, Infrastructure and Web Application
policies
• Service Level Agreement
12. IT Governance
Centrally Managed Locally Managed
Software, Services, and Sites are Software, Services, and Sites are
hosted and managed centrally by a hosted and managed locally by
core IT group individual groups
What’s the right balance
for your organization?
A successful IT service includes the following elements:
A governing group defines the initial offerings, policies, and evaluates success of the
service
The policies you develop are communicated to your enterprise and are enforced
Users are encouraged to use the service and not create their own solutions –
installations are tracked
Multiple services are offered to meet different needs in your organization
14. Service-level agreements should include:
• Length of time and approvals necessary to create a site.
• Costs for users/departments.
• Operations-level agreement – which teams perform which
operations and how frequently.
• Policies around problem resolution through a help desk.
• Negotiated performance targets for first load of a site,
subsequent loads, and performance at remote locations.
• Availability, recovery, load balancing, and failover strategies.
• Customization policies.
• Storage limits for content and sites.
• How to handle inactive or stale sites.
15. Throttling and Limits
Function Limit Configurable
List View Threshold 5,000 (20,000 for admins & Yes, Central Admin/web
auditors) App Settings
List View Lookup 8 Yes, Central Admin/web
App Settings
Allow OM Override On by default Yes, Central Admin/web
App Settings
Daily time window None Yes, Central Admin/web
App Settings
Indexes Per List 20 No
Unique Permissions 50,000 Yes, Central Admin/web
App Settings
SharePoint Workspace 30,000 No
16. Social
Social Feature Benefits Considerations
Tagging Navigation, Search, Content Control, Security,
Personal Search
Note Board Quick communication Content Control, Security,
Search
Ratings Feedback Usage
Bookmarklets Quick and easy links External links
Expertise Find people Examples, Privacy, Content
Control
Profiles Additional Info Privacy, Content Control
Blogs Knowledge Transfer Corporate Policy
Wikis Knowledge Transfer Performance and Policy
Discussion Boards Knowledge Transfer Moderation and Policy
18. Simplifying IT Governance Implementation
with Technology
Consider 3rd party tools to:
• Centrally enforce limitations – plans and policies for
– Data Protection, Recovery, and Availability
– Audit Policies
– Permission management
• Scalability in Management
– Giving IT Teams the technology to manage thousands
of users
– Terabytes of Content
– Millions of Audit Records
19. Information Governance
Tightly Managed Loosely Managed
Content is tagged with structured Content is tagged only socially
metadata, permissions are tightly and not tracked; permissions and
controlled, content is archived or archiving are not controlled or
purged per retention schedules. managed.
Appropriate for: Appropriate for:
• Structured content What’s the right • Low-business-impact
• High-business-impact content
content
balance for your • Short-term projects
• Personal identifiable organization? • Records
information • Collaboration
• Records
20. Information Architecture
Wireframe & Search &
Site Map Navigation
Information
Architecture
Managed
Content Types
Metadata
21. Questions to ask when designing a site or solution:
• How will the site or solution be structured and divided into a set of
site collections and sites?
• How will data be presented?
• How will site users navigate?
• How will search be configured and optimized?
• Is there content you specifically want to include or exclude from
search?
• What types of content will live on sites?
• How will content be tagged and how will metadata be managed?
• Does any of the content on the sites have unique security needs?
• What is the authoritative source for terms?
• How will information be targeted at specific audiences?
• Do you need to have language- or product-specific versions of your
sites?
http://www.criticalpathtraining.com/Members/Pages/Presentations.aspx
Incorporating Managed Metadata in Custom Solutions in SharePoint 2010 Session
22. Information Access
Information Management:
IT Governance: Access
Permissions and Audiences
Should I use How do I make
How do I structure How do I target How do I make this
Information Rights sure that only
permissions in a content to specific content accessible
Management (IRM) people who need
site? audiences? to external users?
to protect content? access have it?
Determine the rules or policies that you need to have in
place for the following types of items:
Pages Blogs and Wikis
Lists Anonymous
Documents comments
Records Anonymous access
Rich media Terms and term sets
External data
26. SharePoint 2010 IM: In Place Records
Lock down documents, pages, and list items without an archive
Declare items
records in bulk
Lock down non-
document
content, like wikis
27. In Place Records & Policies
Create separate retention schedules for records
Different policies
for records
Schedule
declaration as part
of lifecycle policy
28. Application Management
Strictly managed Loosely Managed
development Development
Customizations must adhere to Rules about development
customization policy, deployments and environments or customizations are
updates tested and rigorously managed. less rigid.
What’s the right balance
for your organization?
Determine customization types you want to allow/disallow, and how to
manage them:
Service level descriptions Approved tools for development
Processes for analyzing customizations Who is responsible for ongoing code
Process for piloting and testing support
customizations Specific policies regarding each
Guidelines for packaging and deploying potential type of customization (done
customizations through the UI or SD)
Guidelines for updating customizations
29. Customizations & Branding
• Isolate custom solutions: Sandbox Solutions
– Cannot use certain computer and network resources
– Cannot access content outside the site collection they are deployed
in.
– Can be deployed by a site collection administrator.
– Governed: only a farm administrator can promote a sandboxed
solution to run directly on the farm in full trust.
• Master Pages and Page Layouts
• Themes
• To “Designer” or not to “Designer”
• Separate development, pre-production, and production
environments (keep these environments in sync)
32. Governance Plans
Quotas Customizations Information
10 GB SP Designer Ownership
50 GB Site Galleries Content Types
100 GB Sandbox Solutions Ethical Walls
Backup Storage InfoMgmt Auditing
1 hour Tier 1 – SAN 7 years Full Audit
1 day Tier 2 – NAS 3 years Views + Edits
1 week Tier 3 – Azure 1 year Views
33. SharePoint Policy Bundles
Gold Silver Bronze
Backup 1 hour 1 day 1 week
Storage Policy Tier 1 – SAN Tier 2 – NAS Tier 3 – Azure
(RBS)
Info Mgmt Policies 7 years 3 years 1 year
Auditing Full View + Edits Views
SharePoint Designer Enabled Disabled Disabled
Content Database Isolated DB Shared Shared
Sandboxed Enabled Disabled Disabled
Solutions
Quota 100Gb 50Gb 10Gb
Cost $$$$$$ $$$$ $$
34. Service Request Types – Surfacing Options to
Content Owners and Business Users
• Site Collection Request
• Transfer / Clone User Request
• Site Collection Content Lifecycle Request
• Sub-site Request
• Content Move Request
• Solution Package Deployment Request
• Gallery Artifact Deployment Request
• Recover Content Request
• Report Request
35. Service Request Type - Site Collection Request
Sales HR Marketing
Policy Gold, Silver Silver Bronze
Security Marketing Sales HR Management
Management Management
Site Templates Team Site, Custom Sales Enterprise Wiki
Publishing Site Template
Service Type Acc Type:
Metadata EPG/SMB/FIN
Workflow 2 Step 1 Step 3 Step
Global Metadata Location Location Location
Primary/Secondary *Fill in the blank* *Fill in the blank* *Fill in the blank*
Site Contact
37. Governance and Training
• Governance doesn't
work without user
adoption and
compliance.
• End-user training
and education, good
content, and search
are keys to user
adoption.
• Document
governance plan.
38. Governance Stakeholders
Form and use a governance group to create and maintain the policies
and include the following roles:
Information architects or Trainers
taxonomists IT managers
Business division
Compliance officers leaders
Influential information workers Financial stakeholders
IT technical specialists Executive stakeholders
Development leaders
39. Key takeaways
• Governance is there to ensure IT solutions achieve
business goals
• Start simple
• Training
• Keep it fresh
• Don’t have a policy unless you can enforce it