spsdenver-enforcing.sp.governance
DESCRIPTION
So you've heard about "Governance" from all angles in the SharePoint community-the fact that you need "People" to define "Policies", but what Processes are actually required to bring this to fruition? This session will discuss how to bring these three P's together by enforcing established Policies through Processes built using out-of-the-box SharePoint by the People (SharePoint IT Administrators and Site Owners). The session will cover what is feasible using native SharePoint 2010 functionality, and what to watch for to ensure you are planning for common challenges customers face.TRANSCRIPT
Enforcing SharePoint Governance Mary Leigh Mackie
Director of Product Marketing
@mlmackie [email protected]
AvePoint: Who We Are Global Leader -- Microsoft® SharePoint
Infrastructure Management
“Clearly AvePoint is making the most of both Microsoft technology and the Microsoft
Partner Network in its quest to create a profitable business.”
– Jon Roskill, Microsoft Corporate Vice President, Worldwide Partner Group
Session Objectives and Takeaways
• Definition and Purpose of Governance
• SharePoint Governance Challenges
– IT Governance
– Information Governance
– Application Management
• What does SharePoint Governance look like?
– Out of the box capabilities
– When to think about additional technology options
• Final Considerations
Key Players of Governance
People
Process
Technology
Policy
Governance Spectrum
Chaos Restricted
Key Policy Areas of Governance
IT Assurance Project
Governance
Information Governance
Technology & Business Alignment
Continuous Improvement
http://www.21apps.com/governance/sharepoint-governance-3-0/
Introducing a Governance Plan
Integration
Applications
Collaboration
Content
Today’s Focus Areas for SharePoint Governance
Information Governance
Application Management
IT Assurance
IT governance of the
software itself and the
services you provide
Information governance
of the content and
information that users
store in those services.
Application governance
of the custom solutions
you provide
Governance and Site types
• Standard administration interfaces – Quotas, locks, permissions,
records management
• Powershell – Administrative functions,
Data protection
• SharePoint services and features – Managed metadata service
for classification
– ISV solutions for management
• SharePoint Designer, Visual Studio
Manual Automated
Getting the right tools for the job…
What to govern in SharePoint?
• Best Practices: Quotas and Limits
• Content: Site lifecycle management
• Social or not?
Asset classification
• Security, Infrastructure and Web Application
policies
• Service Level Agreement
Impact = Exposure If this leaks, will it hurt
my business?
Value = Availability If this isn’t available,
can my business run?
IT Governance
A successful IT service includes the following elements:
A governing group defines the initial offerings, policies, and evaluates success of the service
The policies you develop are communicated to your enterprise and are enforced Users are encouraged to use the service and not create their own solutions –
installations are tracked Multiple services are offered to meet different needs in your organization
What’s the right balance
for your organization?
Centrally Managed Software, Services, and Sites are
hosted and managed centrally by a
core IT group
Locally Managed Software, Services, and Sites are
hosted and managed locally by
individual groups
IT Governance Challenges
© 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means,
without the prior written consent of AvePoint, Inc.
Proliferation
Service-level agreements should include:
• Length of time and approvals necessary to create a site.
• Costs for users/departments.
• Operations-level agreement – which teams perform which
operations and how frequently.
• Policies around problem resolution through a help desk.
• Negotiated performance targets for first load of a site,
subsequent loads, and performance at remote locations.
• Availability, recovery, load balancing, and failover strategies.
• Customization policies.
• Storage limits for content and sites.
• How to handle inactive or stale sites.
Throttling and Limits
Function Limit Configurable
List View Threshold 5,000 (20,000 for admins & auditors)
Yes, Central Admin/web App Settings
List View Lookup 8 Yes, Central Admin/web App Settings
Allow OM Override On by default Yes, Central Admin/web App Settings
Daily time window None Yes, Central Admin/web App Settings
Indexes Per List 20 No
Unique Permissions 50,000 Yes, Central Admin/web App Settings
SharePoint Workspace 30,000 No
Social
Social Feature Benefits Considerations
Tagging Navigation, Search, Personal
Content Control, Security, Search
Note Board Quick communication Content Control, Security, Search
Ratings Feedback Usage
Bookmarklets Quick and easy links External links
Expertise Find people Examples, Privacy, Content Control
Profiles Additional Info Privacy, Content Control
Blogs Knowledge Transfer Corporate Policy
Wikis Knowledge Transfer Performance and Policy
Discussion Boards Knowledge Transfer Moderation and Policy
Reports and Inventory of Usage
• Web Analytics Reporting – Traffic
– Search
– Inventory
• PowerShell
• Inventory – Sites
– Quotas
– Content Types
– Branding
– Customizations
– Security
Simplifying IT Governance Implementation
with Technology
Consider 3rd party tools to:
• Centrally enforce limitations – plans and policies for
– Data Protection, Recovery, and Availability
– Audit Policies
– Permission management
• Scalability in Management
– Giving IT Teams the technology to manage thousands of users
– Terabytes of Content
– Millions of Audit Records
Information Governance
What’s the right
balance for your
organization?
Tightly Managed Content is tagged with structured
metadata, permissions are tightly
controlled, content is archived or
purged per retention schedules.
Loosely Managed Content is tagged only socially
and not tracked; permissions and
archiving are not controlled or
managed.
Appropriate for: • Structured content
• High-business-impact
content
• Personal identifiable
information
• Records
Appropriate for: • Low-business-impact
content
• Short-term projects
• Records
• Collaboration
Information Architecture
Wireframe & Site Map
Search & Navigation
Managed Metadata
Content Types
Information Architecture
Questions to ask when designing a site or solution:
• How will the site or solution be structured and divided into a set of site collections and sites?
• How will data be presented?
• How will site users navigate?
• How will search be configured and optimized?
• Is there content you specifically want to include or exclude from search?
• What types of content will live on sites?
• How will content be tagged and how will metadata be managed?
• Does any of the content on the sites have unique security needs?
• What is the authoritative source for terms?
• How will information be targeted at specific audiences?
• Do you need to have language- or product-specific versions of your sites?
http://www.criticalpathtraining.com/Members/Pages/Presentations.aspx Incorporating Managed Metadata in Custom Solutions in SharePoint 2010 Session
Information Access
Determine the rules or policies that you need to have in
place for the following types of items:
Pages
Lists
Documents
Records
Rich media
Blogs and Wikis
Anonymous
comments
Anonymous access
Terms and term sets
External data
Information Management: Permissions and Audiences
How do I structure permissions in a
site?
How do I target content to specific
audiences?
Should I use Information Rights Management (IRM) to protect content?
IT Governance: Access
How do I make this content accessible to external users?
How do I make sure that only
people who need access have it?
Information Assessment
Availability
Access Redundancy
Birth Life Rest
Information Lifecycle Management
Information Management Keeping content ‘clean’, enabling auditing for
specified content types, & restructuring as you grow
© 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means,
without the prior written consent of AvePoint, Inc.
SharePoint 2010 IM: In Place Records Lock down documents, pages, and list items without an archive
Declare items records in bulk
Lock down non-document
content, like wikis
In Place Records & Policies Create separate retention schedules for records
Different policies for records
Schedule declaration as part of lifecycle policy
Application Management
Determine customization types you want to allow/disallow, and how to manage them:
Service level descriptions Processes for analyzing customizations Process for piloting and testing
customizations Guidelines for packaging and deploying
customizations Guidelines for updating customizations
Approved tools for development Who is responsible for ongoing code
support Specific policies regarding each
potential type of customization (done through the UI or SD)
What’s the right balance
for your organization?
Strictly managed
development Customizations must adhere to
customization policy, deployments and
updates tested and rigorously managed.
Loosely Managed
Development Rules about development
environments or customizations are
less rigid.
Customizations & Branding
• Isolate custom solutions: Sandbox Solutions – Cannot use certain computer and network resources
– Cannot access content outside the site collection they are deployed in.
– Can be deployed by a site collection administrator.
– Governed: only a farm administrator can promote a sandboxed solution to run directly on the farm in full trust.
• Master Pages and Page Layouts
• Themes
• To “Designer” or not to “Designer”
• Separate development, pre-production, and production environments (keep these environments in sync)
Lifecycle management process
Implementing Governance Policies
© 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
Governance Plans
Backup
1 hour
1 day
1 week
Storage
Tier 1 – SAN
Tier 2 – NAS
Tier 3 – Azure
InfoMgmt
7 years
3 years
1 year
Auditing
Full Audit
Views + Edits
Views
Quotas Customizations Information
10 GB SP Designer Ownership
50 GB Site Galleries Content Types
100 GB Sandbox Solutions Ethical Walls
SharePoint Policy Bundles
Gold Silver Bronze
Backup 1 hour 1 day 1 week
Storage Policy
(RBS)
Tier 1 – SAN Tier 2 – NAS Tier 3 – Azure
Info Mgmt Policies 7 years 3 years 1 year
Auditing Full View + Edits Views
SharePoint Designer Enabled Disabled Disabled
Content Database Isolated DB Shared Shared
Sandboxed
Solutions
Enabled Disabled Disabled
Quota 100Gb 50Gb 10Gb
Cost $$$$$$ $$$$ $$
Service Request Types – Surfacing Options to
Content Owners and Business Users
• Site Collection Request
• Transfer / Clone User Request
• Site Collection Content Lifecycle Request
• Sub-site Request
• Content Move Request
• Solution Package Deployment Request
• Gallery Artifact Deployment Request
• Recover Content Request
• Report Request
Service Request Type - Site Collection Request
Sales HR Marketing
Policy Gold, Silver Silver Bronze
Security Marketing
Management
Sales
Management
HR Management
Site Templates Team Site,
Publishing Site
Custom Sales
Template
Enterprise Wiki
Service Type
Metadata
Acc Type:
EPG/SMB/FIN
Workflow 2 Step 1 Step 3 Step
Global Metadata Location Location Location
Primary/Secondary
Site Contact
*Fill in the blank* *Fill in the blank* *Fill in the blank*
Additional Considerations
and wrap-up
Governance and Training
• Governance doesn't
work without user
adoption and
compliance.
• End-user training
and education, good
content, and search
are keys to user
adoption.
• Document
governance plan.
Governance Stakeholders
Form and use a governance group to create and maintain the policies and include the following roles:
Information architects or taxonomists
Compliance officers Influential information workers IT technical specialists Development leaders
Trainers IT managers Business division
leaders Financial stakeholders Executive stakeholders
Key takeaways
• Governance is there to ensure IT solutions achieve
business goals
• Start simple
• Training
• Keep it fresh
• Don’t have a policy unless you can enforce it
Questions?
Your feedback is greatly appreciated!