governance - how does information & security drive your architecture
DESCRIPTION
TRANSCRIPT
Governance – how does information & security drive your architecture
Randy WilliamsEnterprise Trainer & Evangelist
[email protected]: @tweetraw
© 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of
AvePoint, Inc.
Randy Williams
Enterprise Trainer & Evangelist – AvePoint20 years in IT
developer, consultant, trainer, author
Three-time SharePoint MVPSpeaker at many global conferences
[email protected]://linkd.in/plEEb1@tweetraw
Objectives & Agenda
Defining GovernanceManagement Controls and ScopesInformation Architecture vs. ManagementFour-Step Architecting Governance Process
Defining Governance
Communities
Search
Sites
Composites
ContentInsights
GOVERNANCE
“”
Governance is the set of policies, roles, responsibilities, and processes that guides, directs, and controls how an organization's business divisions and IT teams cooperate to achieve business goals.
Microsoft - http://bit.ly/nmNSbj
What is governance?
“”
Governance defines the people,
processes, policies and technologies
that deliver a service
Alternate definition
People
Process
Technology
Policy
People
Process
Technology
Policy
People
Process
Technology
Policy SERVICE
GOVERNANCE
Architecting Governance
1. Define and classify your
requirements
2. Design for managemen
t requirement
s
3. Refine for business
requirements
4. Overlay information architecture
and manageabili
ty
Management Controlsand Scopes
Fundamentals
Management controls and scopes Se
rvice
Applic
atio
n
Config
urat
ion
and
Data
Farm
Web Application
Service Application
Zone
Content DB
Site collection
Top-level site
List/Library
[Folder]
Item / Document
Sub site Sub site
Security Permissions
Features
Data Storage
SLAs
Blocked File Ty
pes
SSL
SharePoint Service Isolation
Quotas
Security Permissions
Ownership
(Full Control)
Management controls and scopes
It’s about containers (scopes)Security (permissions)? We understand that…
Scope unique permissions = site, list/library, folder, itemAdministrative overhead of multiple containers
But…
Governance and managementis more than just security!
Information Architecturevs. Management
Fundamentals
Info Architecture vs. Info ManagementInformation Architecture
Organize and describe content
MetadataStructureRelationships
InputsKnowledge Management teamLibrariansContent ownersSubject matter experts (SMEs)
OutcomesSite map (navigation)TaxonomySearchTargeting (audiences)
Information ArchitectureSharePoint
http://intranet
HR Finance
Expense Reports
Vacation & Sick Day Tracking
Financial PerformanceBenefits
Info Architecture vs. Info ManagementInformation Architecture
Organize and describe content
MetadataStructureRelationships
InputsKnowledge Management teamLibrariansContent ownersSubject matter experts (SMEs)
OutcomesSite map (navigation)TaxonomySearchTargeting (audiences)
Info ManagementManage the content & service
Access levels (permissions)LifecycleStorage
InputsInformation management policiesIT usage policiesRegulatory environmentSLAs
OutcomesAccess levelsRecords managementCompliancePerformance
Service Architecture
PRODUCTION FARM
http://teams
Site Collection
HR
Site Collection
Engineering
Site Collection
Finance
http://intranet
Site Collection
/
HR Engineering Finance
Site Collection
Custom App
http://apps
Remote LoB App
Public Extranet
Test Farm
Search Metadata My Sites
http://teams
Site Collection
HR
Site Collection
Engineering
Site Collection
Finance
http://intranet
Site Collection
/
HR Engineering Finance
Site Collection
Custom App
http://apps
Research & Development CRM
WWW Extranet
PRODUCTION FARM
http://teams
Site Collection
HR
Site Collection
Engineering
Site Collection
Finance
http://intranet
Site Collection
/
HR Engineering Finance
Site Collection
Custom App
http://apps
Remote LoB App
Public Extranet
SharePoint
http://intranet
HR Finance
Expense Reports
Vacation & Sick Day Tracking
Financial PerformanceBenefits
Search Metadata My Sites
Research & Development CRM
WWW Extranet
Architecting Governance
Four-Step Process to
Architecting Governance
1. Define and classify your
requirements
2. Design for managemen
t requirement
s
3. Refine for business
requirements
4. Overlay information architecture
and manageabili
ty
Classifying requirements
BusinessBusiness purpose of the solution
TechnicalProject
Budget, deadlines, etc.
Information architectureHow content is described, organized and discovered
Information managementHow content is created, secured, maintained, and disposed
Service managementIT assurance: performance, availability, recoverySLAs
Requirements to Architecture
BusinessRequirements
TechnicalRequirements
InformationClassification
Information Management Requirements
ServiceArchitecture
InformationArchitecture
Information Management
Policies
Service Management Requirements
Solicited Derived
Architecting Governance
1. Define and classify your
requirements
2. Design for managemen
t requirement
s
3. Refine for business
requirements
4. Overlay information architecture
and manageabili
ty
FARM
SITE COLLECTION
Management controls and scopes
WEB APPLICATION
CONTENT DATABASE
Top-Level Site
Subsite Subsite
List or Library
[Folder]
Item or Document
ZoneService
Application
Ownership
(Full Control)User & Group
Management
Requirements multiple web apps
Blocked file typesDNS namespace (URL)Web site service isolation
Web server: server isolationApplication pool: process isolation
Classic Mode or Claims Based AuthenticationSelf-service site creation, automatic deletion of unused sites
More requirements multiple web apps
SharePoint Designer controlsImpact of upgrade
Functional web applications (http://apps) not upgraded immediately
Business applications in this SharePoint web app have specific functionalityThey meet business requirements without upgradeFeatures that are installed to support these applications take time to upgrade
Collaborative web sites, intranet, and services upgraded immediately
Take advantage of new features of SharePoint vNext
Service application connections and configuration
Multiple scopes
Requirements multiple zones
Anonymous accessAnonymous policySSLAuthentication providersUser policy
Guidance: Web apps and zones
INTRANET: published intranet contenthttp://intranet
COLLABORATION: business unit, department, team, project
http://teams
EXTRANET: collaboration with customers, vendors & partners
http://extranetZone: https://clients
SOCIAL: enterprise social networking and personal contenthttp://people
PUBLIC WEB SITEhttp://www
SIGNIFICANT LINE OF BUSINESS APPLICATIONhttp://<LOB> e.g. http://CRM
Requirements Multi-farm architectures
Code isolationDev / Test / Staging / Production
AccessPublic-facing web siteExtranet in Cloud: Partners & Customers
Geo-performanceCollaboration farm(s) with team sites
Feature and process isolationEnterprise SharePoint farm with intranet and enterprise services
Enterprise services: search, metadata, social (User Profiles, My Sites)
Premium farm(s) for custom applications
Consider the implicationsSLAsChargebacksUpgrade to vNext
Requirements multiple site collections
OwnershipPrimary & secondary site collection administrators (Central Admin)The owner and secondary owner attributes of a site collectionFull control of site collection + receive site collection email notifications
AdministrationSite collection administrators as defined in the site collectionFull control of site collection
QuotasLocksSharePoint Designer restrictionsFeaturesSandbox SolutionsSearch settingsAudit settingsUser & group management
Multiple scopes
Content lifecycle example
FARM
http://intranet
HR Finance
http://teams
HR FinanceBenefits
Benefits Page
Benefits
Benefits Page
Archived
Requirements content databases
Storage ManagementLocation of database
Which SQL Server(s) host the databaseStorage platform
RedundancyClusteringMirroringStorage platform features
Backup SLAsHow long it takes to back up data
Recovery SLAsHow long it takes to restore dataRTO and RPO
PowerShell delegationRemote BLOB Storage (RBS)
Architecting Governance
1. Define and classify your
requirements
2. Design for managemen
t requirement
s
3. Refine for business
requirements
4. Overlay information architecture
and manageabili
ty
FARM
SITE COLLECTION
Sites, lists, libraries, and folders
WEB APPLICATION
CONTENT DATABASE
Top-Level Site
Subsite Subsite
List or Library
[Folder]
Item or Document
ZoneService
Application
Features
Security
Permissions
Architecting Governance
1. Define and classify your
requirements
2. Design for managemen
t requirement
s
3. Refine for business
requirements
4. Overlay information architecture
and manageabili
ty
The Great Divide
Management requirements more “containers”Web applicationsSite collectionsContent databases
Out-of-box features scoped to a single site collection
NavigationAdd a subsite, navigation links created automatically
Content managementSite columns and content types apply to a subsite
AdministrationAudit reports pull audit information from an entire site collection
“Behind the scenes”
FARM
http://teams
Site Collection
HR
Site Collection
Engineering
Site Collection
Finance
http://intranet
Site Collection
/
HR Engineering Finance
Site Collection
Custom App
http://apps
Presentation to the user
SharePoint
http://intranet
HR Finance
Expense Reports
Vacation & Sick Day Tracking
Financial PerformanceBenefits
Overlay Information Architecture
NavigationManually-configured Quick Launch and top link bar (global navigation)Custom link lists (advantage: security trimmed)Custom or third-party navigation controlsSPXmlContentMapProvider
Navigation
FARM
http://teams
Site Collection
HR
Site Collection
Engineering
Site Collection
Finance
http://intranet
Site Collection
/
HR Engineering Finance
Site Collection
Custom App
http://apps
Presentation to the user
SharePoint
http://intranet
HR Finance
Expense Reports
Vacation & Sick Day Tracking
Financial PerformanceBenefits
Overlay Administration
Administration “single pane of glass” acrossSite collectionsWeb applicationsFarms
For…Manage access, audit, manage groupsDeploy content
PowerShellThird-party administration tools
DOCAVE TO THE RESCUE…
Infrastructure Management
Deployment
Management
Data Protection
Administration &
ReportingCompliance
Replication
Storage Optimizatio
n
ONE EXAMPLE
50 PROD103
DocAve Administrator
How you position a service to customer is very important! It must be simple, reliable and
CONSISTENT!!
For Administrators looking for simplified management of SharePoint farms, DocAve Administrator is a scalable and feature rich solution that allows you to intuitively manage all your farms down to item level as opposed to other tools that do not offer true multi-farm management
SharePoint Administration
List Settings
Library Settings
List Settings
Site SettingsSite Settings
Site Settings
WebApp
Settings
Site Collection Settings
Site Collection Settings
Site Settings
Site Settings
Site Settings
Site Settings
Site Settings
Site Collection Settings
Site Collection Settings
WebApp
Settings
Central Admin
Site Settings
Library Settings
Site Settings
Too many setting pages…
51 PROD103
The Future
© 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
Data Protection
Admin-istrationReportingStorage
Optimization Migration Compliance
DocAve
Managing Governance
Plans & Rules APIs
TO SUMMARIZE…
Architecting Governance
1. Define and classify your
requirements
2. Design for managemen
t requirement
s
3. Refine for business
requirements
4. Overlay information architecture
and manageabili
ty
Requirements to Architecture
BusinessRequirements
TechnicalRequirements
InformationClassification
Information Management Requirements
ServiceArchitecture
InformationArchitecture
Information Management
Policies
Service Management Requirements
Solicited Derived
People
Process
Technology
Policy SERVICE
GOVERNANCE
SERVICE
GOVERNANCE
MANAGEMENT
Q&ARandy [email protected]
© 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of
AvePoint, Inc.