1. Delivering Intelligent Governance and Management
Tony Coppa
AvePoint – Technical Solutions Professional (TSP) Manager
tony.coppa@avepoint.com
2. AvePoint Corporate Overview
Specialized
• Founded and Debuted in 2001
• World's Largest SharePoint-Exclusive Research & Development Team with 1,000 Employees (600+ in R&D)
Experienced
• World's Largest Provider of Enterprise-Class Governance and Infrastructure Management Solutions
• 25 Offices, 13 Countries in 5 Continents & 8000+ Customers
Invested
• Depth-Managed, Microsoft Certified Partner
• Comprehensive SharePoint Governance & Management Platform
• Offering True 24 x 7 Support - Microsoft Certified Technicians
3. Agenda
• Definition and Purpose of Governance
• SharePoint Governance Challenges
– IT Governance
– Information Governance
– Application Management
• What does SharePoint Governance look like?
• Final Considerations
4. What is governance?
Governance defines the processes, people, policies and technologies that deliver a service
9. Today’s Focus Areas for SharePoint Governance
• IT governance of the software itself and the services you provide
• Information governance of the content and information that users store in those services.
• Application governance of the custom solutions you provide
[Diagram: IT Governance, Information Governance, Application Management]
10. Getting the right tools for the job…
• Standard administration
interfaces
– Quotas, locks, permissions,
records management
• Powershell
– Administrative functions, Data
protection
• SharePoint services and features
– Managed metadata service for
classification
– ISV solutions for management
• SharePoint Designer, Visual Studio
[Diagram: spectrum from Manual to Automated]
11. IT Governance
Centrally Managed: Software, Services, and Sites are hosted and managed centrally by a core IT group
Locally Managed: Software, Services, and Sites are hosted and managed locally by individual groups
A successful IT service includes the following elements:
• A governing group defines the initial offerings, policies, and evaluates success of the service
• The policies you develop are communicated to your enterprise and are enforced
• Users are encouraged to use the service and not create their own solutions – installations are
tracked
• Multiple services are offered to meet different needs in your organization
13. What to govern in SharePoint?
• Best Practices: Quotas and Limits
• Content: Site lifecycle management
• Social or not?
• Asset classification
– Impact = Exposure: If this leaks, will it hurt my business?
– Value = Availability: If this isn’t available, can my business run?
• Security, Infrastructure and Web Application policies
• Service Level Agreement
14. Service-level agreements should include:
• Length of time and approvals necessary to create a site.
• Costs for users/departments.
• Operations-level agreement – which teams perform which
operations and how frequently.
• Policies around problem resolution through a help desk.
• Negotiated performance targets for first load of a site,
subsequent loads, and performance at remote locations.
• Availability, recovery, load balancing, and failover strategies.
• Customization policies.
• Storage limits for content and sites.
• How to handle inactive or stale sites.
15. Throttling and Limits
Function | Limit | Configurable
List View Threshold | 5,000 (20,000 for admins & auditors) | Yes, Central Admin/web App Settings
List View Lookup | 8 | Yes, Central Admin/web App Settings
Allow Object Model Override | On by default | Yes, Central Admin/web App Settings
Daily time window | None | Yes, Central Admin/web App Settings
Indexes Per List | 20 | No
Unique Permissions | 50,000 | Yes, Central Admin/web App Settings
SharePoint Workspace | 30,000 | No
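An audit of the configurable limits in the table above, as an added example (not part of the original slides or of any AvePoint tooling): it compares each web application's throttle settings with the listed defaults and reports any drift. The mapping from table rows to SPWebApplication property names and the Get-ThrottleDrift helper are this example's own assumptions; run it in the SharePoint 2010 Management Shell on a farm server.

```powershell
# Added example: report web applications whose throttle settings differ
# from the defaults listed in the "Throttling and Limits" table.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Baseline = the configurable rows of the table (assumed mapping to
# SPWebApplication properties). "Indexes Per List" and "SharePoint
# Workspace" are not configurable, so they are not checked.
$baseline = @{
    MaxItemsPerThrottledOperation               = 5000    # List View Threshold
    MaxItemsPerThrottledOperationOverride       = 20000   # threshold for admins & auditors
    MaxQueryLookupFields                        = 8       # List View Lookup
    AllowOMCodeOverrideThrottleSettings         = $true   # Allow Object Model Override
    UnthrottledPrivilegedOperationWindowEnabled = $false  # Daily time window: none
    MaxUniquePermScopesPerList                  = 50000   # Unique Permissions
}

# Hypothetical helper: emits one object per setting that deviates.
function Get-ThrottleDrift {
    param(
        [Parameter(Mandatory = $true)] $WebApplication,
        [Parameter(Mandatory = $true)] [hashtable] $Baseline
    )
    foreach ($name in $Baseline.Keys) {
        $actual = $WebApplication.$name
        if ($actual -ne $Baseline[$name]) {
            New-Object PSObject -Property @{
                WebApplication = $WebApplication.Url
                Setting        = $name
                Expected       = $Baseline[$name]
                Actual         = $actual
            }
        }
    }
}

$drift = @(Get-SPWebApplication | ForEach-Object {
    Get-ThrottleDrift -WebApplication $_ -Baseline $baseline
})

if ($drift.Count -eq 0) {
    Write-Output "All web applications match the baseline."
} else {
    # A raised threshold or an enabled daily window is a governance
    # exception that should trace back to an approved change.
    $drift | Select-Object WebApplication, Setting, Expected, Actual |
        Format-Table -AutoSize
}
```

Replace the baseline values with the limits in your own governance plan if they differ from the defaults, and schedule the script so that exceptions are reviewed rather than discovered.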
16. Social
Social Feature | Benefits | Considerations
Tagging | Navigation, Search, Personal | Content Control, Security, Search
Note Board | Quick communication | Content Control, Security, Search
Ratings | Feedback | Usage
Bookmarklets | Quick and easy links | External links
Expertise | Find people | Examples, Privacy, Content Control
Profiles | Additional Info | Privacy, Content Control
Blogs | Knowledge Transfer | Corporate Policy
Wikis | Knowledge Transfer | Performance and Policy
Discussion Boards | Knowledge Transfer | Moderation and Policy
18. Simplifying IT Governance Implementation with Technology
• Centrally enforce limitations – plans and policies for
– Data Protection, Recovery, and Availability
– Audit Policies
– Permission management
• Scalability in Management
– Giving IT Teams the technology to manage thousands of
users
– Terabytes of Content
– Millions of Audit Records
• May need to consider 3rd party products
20. Information Governance
Loosely Managed: Content is tagged only socially and not tracked; permissions and archiving are not controlled or managed.
Appropriate for:
• Low-business-impact content
• Short-term projects
• Collaboration
Highly Restricted: Content is tagged with structured metadata, permissions are tightly controlled, content is archived or purged per retention schedules.
Appropriate for:
• Structured content
• High-business-impact content
• Personal identifiable information
• Records
22. Information Architecture vs. Management
Information Architecture
• Organize and describe content
– Metadata
– Structure
– Relationships
• Inputs
– Knowledge Management team
– Librarians
– Content owners
– Subject matter experts (SMEs)
• Outcomes
– Site map (navigation)
– Taxonomy
– Search
– Targeting (audiences)
Management
• Manage the content & service
– Access levels (permissions)
– Lifecycle
– Storage
• Inputs
– Information management policies
– IT usage policies
– Regulatory environment
– SLAs
• Outcomes
– Access levels
– Records management
– Compliance
– Performance
23. Information Architecture
[Diagram: Information Architecture and its components: Wireframe & Site Map, Search & Navigation, Managed Metadata, Content Types]
24. Management controls and scopes
[Diagram: management scopes, from broadest to narrowest: Farm; Service Application, Web Application, Zone; Content DB; Site collection; Top-level site; Sub site, List/Library; [Folder]; Item / Document]
25. Questions to ask when designing a site or solution:
• How will the site or solution be structured and divided into a set of
site collections and sites?
• How will data be presented?
• How will site users navigate?
• How will search be configured and optimized?
• Is there content you specifically want to include or exclude from
search?
• What types of content will live on sites?
• How will content be tagged and how will metadata be managed?
• Does any of the content on the sites have unique security needs?
• What is the authoritative source for terms?
• How will information be targeted at specific audiences?
• Do you need to have language- or product-specific versions of your
sites?
26. Information Access
Information Management: Permissions and Audiences
IT Governance: Access
• How do I structure permissions in a site?
• How do I target content to specific audiences?
• How do I make this content accessible to external users?
• Should I use Information Rights Management (IRM) to protect content?
• How do I make sure that only people who need access have it?
Determine the rules or policies that you need to have in place for the following types of items:
• Pages
• Lists
• Documents
• Records
• Rich media
• Blogs and Wikis
• Anonymous comments
• Anonymous access
• Terms and term sets
• External data
30. SharePoint 2010 IM: In Place Records
Lock down documents, pages, and list items without an archive
• Declare items records in bulk
• Lock down non-document content, like wikis
31. In Place Records & Policies
Create separate retention schedules for records
• Different policies for records
• Schedule declaration as part of lifecycle policy
33. Application Management
Strictly Managed: Customizations must adhere to customization policy, deployments and updates tested and rigorously managed.
Loosely Managed: Rules about development environments or customizations are less rigid.
Determine customization types you want to allow, and how to manage them:
• Service level descriptions
• Processes for analyzing customizations
• Process for piloting and testing customizations
• Guidelines for packaging and deploying customizations
• Guidelines for updating customizations
• Approved tools for development
• Who is responsible for ongoing code support
• Specific policies regarding each potential type of customization (done through the UI or SD)
34. Customizations & Branding
• Isolate custom solutions: Sandbox Solutions
– Cannot use certain computer and network resources
– Cannot access content outside the site collection they are deployed in.
– Can be deployed by a site collection administrator.
– Governed: only a farm administrator can promote a sandboxed solution to run
directly on the farm in full trust.
• Master Pages and Page Layouts
• Themes
• To “Designer” or not to “Designer”
• Separate development, pre-production, and production environments
(keep these environments in sync)
39. Governance Plans
Quotas: 10 GB, 50 GB, 100 GB
Customizations: SP Designer, Site Galleries, Sandbox Solutions
Information: Ownership, Content Types, Ethical Walls
Backup: 1 hour, 1 day, 1 week
Storage: Tier 1 – SAN, Tier 2 – NAS, Tier 3 – Azure
InfoMgmt: 7 years, 3 years, 1 year
Auditing: Full Audit, Views + Edits, Views
40. SharePoint Policy Bundles
Policy | Gold | Silver | Bronze
Backup | 1 hour | 1 day | 1 week
Storage Policy (RBS) | Tier 1 – SAN | Tier 2 – NAS | Tier 3 – Azure
Info Mgmt Policies | 7 years | 3 years | 1 year
Auditing | Full | View + Edits | Views
SharePoint Designer | Enabled | Disabled | Disabled
Content Database | Isolated DB | Shared | Shared
Sandboxed Solutions | Enabled | Disabled | Disabled
Quota | 100Gb | 50Gb | 10Gb
Cost | $$$$$$ | $$$$ | $$
41. Service Request Types – Surfacing Options to Content
Owners and Business Users
• Site Collection Request
• Transfer / Clone User Request
• Site Collection Content Lifecycle Request
• Sub-site Request
• Content Move Request
• Solution Package Deployment Request
• Gallery Artifact Deployment Request
• Recover Content Request
• Report Request
42. Service Request Type - Site Collection Request
Setting | Sales | HR | Project
Policy | Silver | Silver, Bronze | Gold, Silver
Security | Sales Management | HR Management | Marketing Management
Site Templates | Custom Sales Template | Enterprise Wiki | Team Site, Publishing Site
Service Type Metadata | Acct Type: EPG/SMB/FIN | |
Workflow | 1 Step | 3 Step | 2 Step
Global Metadata | Location | Location | Location
Primary/Secondary Site Contact | *Fill in the blank* | *Fill in the blank* | *Fill in the blank*
44. Governance and Training
• Governance doesn't work without user adoption and compliance.
• End-user training and education, good content, and search are keys to user adoption.
• Document governance plan.
45. Governance Stakeholders
Form and use a governance group to create and maintain the policies
and include the following roles:
• Information architects or
taxonomists
• Compliance officers
• Influential information workers
• IT technical specialists
• Development leaders
• Trainers
• IT managers
• Business division leaders
• Financial stakeholders
• Executive stakeholders
46. Key takeaways
• Governance is there to ensure IT solutions achieve business
goals
• Start simple
• Training
• Keep it fresh
• Don’t have a policy unless you can enforce it
47. Contact
AvePoint
Phone: (201) 793-1111, 1-800-661-6588 (toll-free)
Email: sales@avepoint.com
Social & Community: www.DocAve.com, http://www.facebook.com/AvePointInc, @AvePoint_Inc
Tony Coppa
Slides: www.slideshare.net/mlmackie
Email: tony.coppa@avepoint.com
Editor's Notes
Mary Leigh
Achieve business goals
Creation of a well-constructed governance plan is a core task for any org looking to establish a good, controlled SharePoint deployment… But it is just the beginning…
Emphasis here on communication and accountability. Governance is the set of policies, roles, responsibilities, and processes that guides, directs, and controls how an organization's business divisions and IT teams cooperate to achieve business goals. Regardless of what gets documented for the organization, the question of “What’s possible” (technology) is key. We are writing specific governance plans for a technology, so knowing what to enforce is key. Does this sound like you? Anonymous AvePoint customer quote: "We have a lot of great standards that people don't really want to follow."
This spectrum applies to all phases of governance we are talking about today: IT Gov, Information Gov, and Application Lifecycle Management (very restricted is easy out of the box – need a perfect mix). Today we are looking at a spectrum for each area of governance:
1. Few restrictions, everyone has access (i.e., SharePoint Designer) – typical sayings are “I can’t find anything,” “It’s so slow,” “UX varies from site to site,” “everyone has access to things they shouldn’t.”
2. Restricted: “It’s a file share,” “It’s ugly,” “Nobody has access,” “Red tape to get anything done.”
Depending on how regulated you are, you may not have a choice which route to go in! Hosting service providers, PR / Advertising companies with competing accounts, restricted R&D, “ethical walls.”
When is the right time? We see most line of businesses within organizations progressing in this sequence. We’re focusing today on how to introduce governance for each of these areas, because it’s never too late to start!
Our focus today is on a subset of these categories, drawing on the major themes above. IT Assurance for the platform, services, content, etc. Information Governance for managing collaboration
Progression from Manual to Automated, again back to the technology of Governance. We are only implementing a solution as strong as our enforcement.
SharePoint’s Grassroots adoption vs. liability that it causes is an important question. How many people have used SharePoint to manage a project because it was simple to set up a site and manage it through to completion? What about Office 365 governance, who is managing that?
For IT governance, you can control the services that you offer, and you can control or track software installations in your environment to prevent proliferation of unmanaged servers for which you can't provide support. What will you provide with each service, and what will you include in service-level agreements for each service?
When you develop an IT service to support SharePoint 2010 Products, a key to success is your enterprise's ability to govern the service and ensure that it meets the business needs of your organization in a secure and cost-effective way. A successful IT service includes the following elements:
• A governing group defines the initial offerings of the service, defines the service's ongoing policies, and meets regularly to evaluate success.
• The policies you develop are communicated to your enterprise and are enforced.
• Users are encouraged to use the service and not create their own solutions – installations are tracked.
• Multiple services are offered to meet different needs in your organization. Offering a set of services enables you to apply unique governance rules and policies at various levels and costs.
One size does not fit all. Different types of sites frequently require different governance policies. Typically, published sites have tighter governance over information and application management than team sites and My Site Web sites. Each type of site should have a specific IT Service plan, so that the service level agreements match the importance of the site to the organization as a whole. Note the audiences here, what each of these site types is meant for; note that the level of governance is proportionate to the size of the audience the content is meant for.
Quotas – Quota templates define how much data can be stored in a site collection and the maximum size of uploaded files, management at the onset of content.
Site lifecycle management – You can govern how sites are created, the size of sites, and the longevity of sites by using self-service site management and site use confirmation and deletion. Set expiration and access policies to control content in sites.
Asset classification – Classify sites and content by value and impact of the content to the organization (such as high, medium, or low business value/impact). Classification then controls other behaviors, such as requiring encryption for high business impact information.
Infrastructure policies could include data protection, SQL server or DB sizing, etc. – Vary the level of data protection that you offer based on service levels. Plan the frequency at which you back up the farms and the response time that you will guarantee for restoring data.
Security, infrastructure, and Web application policies – how is the system and infrastructure maintained and who has access at what levels. Are you controlling use of fine-grained permissions?
All dictated by our SLA.
Object Model Override – as described above, this option needs to be enabled in order to enable super users to retrieve items through the object model, up to the amount defined in the List query size threshold for auditors and administrators.
We need to establish a benchmark for how we will be checking and enforcing the policies and SLAs. Goal here is to find outliers, whether we’re meeting these plans, and whether adoption is going up. Shown on the left- examples of monitoring available in SharePoint, to the right, in DocAve.
Our environment today is a single-farm deployment of SharePoint, using multiple web applications to simulate multiple farms. DocAve version 6 (currently being showcased at AvePoint’s booth) is the tool of choice for our examples.
Information management is the governance of information in an enterprise — its documents, lists, Web sites, and Web pages — to maximize the information’s usability and manageability. Another aspect of information management is determining who has access to what content – how are you making content available internally and externally and to whom?
Proliferation: Being too open can often lead to madness within SharePoint and you’ll end up with Sites upon Sites where the content could have been placed in existing areas. Sites will rapidly outgrow the # of users. SharePoint URLs are long and hard to remember, everyone has their own naming standard for site URLs.
Navigation: Build in some basic pillars for people to create content in and make it obvious where sub sites should be created.
Important because the management controls will sometimes determine elements of information architecture: the levels at which the options required to support the business need can be controlled. E.g., uploading large documents or blocking certain file types has to be controlled at the web app; if you only want that functionality for specific departments or use cases, that might require a new web application.
These are the components of information architecture- all of this helps determine how you manage, and your users find, interact with, and leverage data. Planning for these components ultimately can simplify management- and the application of policies can be drastically simplified- for instance, information management policies, auditing, etc can all be enabled per content type
Be sure to consider access to content when you design your solution and sites. This overlaps with IT Governance as you consider your entire environment.
When thinking about content, consider the balance between the following factors, and perhaps have business users fill out an assessment for their site. Which of these factors is the highest priority for each type of content?
Availability: available when users need it (can get to it) – so where will content be located? What geography should we locate the data? Do we need to provide mobile access to this content?
Access: who has access to the content, if it should be secure, is it? How are we ensuring that is the case? Weekly security audits required? Ongoing monitoring of users?
Redundancy: Do we really need another site, or more content? Have we considered shared sites or resources or copies to reduce redundancy, and provide one version of the truth?
For example, having a single copy of a document is good for reducing redundancy, but it is a problem for availability and access if it is deleted. What steps need to happen when a list item, document, or page is created, updated, or deleted and who gets affected? Introduce a site contact to speak for the business. For best results, develop a long term solution with them, rather than a temporary solution.
Much of the balancing act on the previous slide should be covered by your document and records management plans, but also consider the storage costs for the content. Understand the capacity planning limits for documents and items, and keep performance and scale in mind.
Migration & Planning, onboarding potentially different systems: File share to SharePoint, have users been educated on how content is tagged, and how permissions will work? Have we assessed the changing taxonomy of bringing over other ECM data?
Storage decisions for life of content, which could include geography (cloud), retention (WORM), or even availability (redundancy). Plan for expiration of content today. Content curves are exponential, but as a major financial customer asked AvePoint: “How do we get to the point where I no longer have to purchase new hardware for SharePoint?” Governance helps us dictate the lifecycle of content, including death.
• Use workflows and approval for document centers and site pages – wherever official documentation is stored.
• Use approval for published Web sites to control pages.
• Use version history and version control to maintain a history and master document.
• Use content types with auditing and expiration for document libraries to manage document lifecycle.
• Manage uploads to large libraries by using the Content Organizer.
• Use site use confirmation and deletion to manage site collection lifecycles.
• Identify important corporate assets and any sites that contain personally identifiable information – be sure that they are properly secured and audited.
• Use Records Centers to store, audit, and control records in compliance with regulations or laws.
Toby
NOTE: these are possible scenarios- feel free to pick 1
SharePoint’s third phase of growth, as an application development platform, also requires another analysis on our Governance spectrum. The same way we have tried to find a balance between the business and what services IT can offer, we must consider the IT Assurance and other governance aspects again!
Development Lifecycle for SharePoint 2010 at: http://go.microsoft.com/fwlink/?LinkId=200174. Follow these best practices to manage applications that are based on SharePoint 2010 Products throughout their lifecycle:
• Use separate development, pre-production, and production environments (see Deployment model) and keep these environments in sync.
• Test all customizations before releasing initially and after any updates have been made before you release them to your production environment.
• Use source code control and solution and feature versioning to track changes to code.
Combining best practices from Microsoft, with service agreements (plans built in DocAve)
Given back to the business at a value. AvePoint won’t provide the billing mechanism for you, but gives you the tools you need to establish a full SLA, defined in an automated interface.
Automation gives you the chance now to specify how sites may be created!