moss governance guidelines
TRANSCRIPT
Guidelines for SharePoint Governance
26.april 2009
Kjell-Sverre Jerijærvi
Microsoft
SharePoint Governance Checklist
Always use the checklist guide whitepaper
Customers find the guidance very useful, strongly recommended
Aspects covered includes
- Design-time and run-time governance
- Roles and ownership
- Information architecture, navigation and findability
- Branding
- Infrastructure and operations
- Testing and development
Each checklist has a related tips & information section
http://technet.microsoft.com/en-us/library/cc261826.aspx
Start With Simple Governance
Architecture Governance
Logical architecture model based on Information Architecture and
capacity, sharing and isolation, configurable items, administration, and
planning recommendations
- Farm design
- Site-collection structure
- Information asset structure
- …to create a workable design considering hard and soft limits
Adapt governance according to targeted solution
- SharePoint as an Enterprise 2.0 platform
- Business applications hosted in SharePoint
- Push vs Pull: http://www.johnhagel.com/view20051015.shtml
Start With Simple Governance
Required Operational Governance
Availability
- Farm with redundancy
- Monitoring
Backup and Recovery
- Policies must be defined and enforced
- Restore specific information assets
- Tested disaster recovery plan
- Make sure that complete solution can be restored within allowed time limit
Start With Simple Governance
Minimum Governance
Site Lifecycle Management (SLM)
- Policies (owners, free/paid, lifespan, inactivity, deletion, etc)
- Automation of SLM through site creation wizard and timer jobs
- Site delete capture
Content Type (metadata) definitions
- Classification of all information assets, from sites to documents
- At least the “closed” content types (the immutable base metadata)
- http://kjellsj.blogspot.com/2008/11/sharepoint-content-type-guidelines.html
Start With Simple Governance
Optional Governance
People Lifecycle Management (PLM)
- Manage the lifecycle of accounts as people starts, transfers, quits
- Policies for permissions and ownership of information assets
- Automation of PLM though partner/open solutions
Visibility into usage
Visibility into permissions
Site Lifecycle Management
Governing Sites from Creation to Deletion
SLM policies must be defined and enforced
Standard SLM only for site-collections
- Site use confirmation and deletion
Custom Site Creation Wizard
- Use only if ootb SLM functionality is not sufficient
- Develop custom wizard to collection data related to SLM
- Store SLM data in site properties
- Develop timer job to enforce SLM policies
Site Delete Capture
- Do not rely on database backup to restore deleted sites (backup media
retention timespan might be shorter than SLM restore policy timespan)
- MSIT tool: http://www.codeplex.com/governance
People Lifecycle Management
Governing Users from Creation to Deletion
PLM policies must be defined and enforced
Related to information security
Information asset permissions must be managed when
- Account is removed/deleted
- User transfers to another department
Information asset ownership must be managed when
- Account is removed/deleted
- User transfers to another department
DeliverPoint:Permissions is a recommended partner solution
Content Type Governance
Using Content Types for Content Classification
Always create company specific base content types
Use few required metadata fields
Use sensible default values where possible
Follow “Open/Closed” principle for content type hierarchy
- http://kjellsj.blogspot.com/2008/11/sharepoint-content-type-guidelines.html
Support the Office 2007 Document Information Panel (DIP)
Decide and enforce behavior
- Policies
- Workflows
Information management policies
- Retention, Auditing, Labeling / barcodes
Document Template Governance
Using Templates in Content Types
Shared templates
- Manage and store templates in a central location
- Do not store templates directly in content types, always reference the central
shared templates
http://weblogs.asp.net/mnissen/archive/2008/10/18/sensible-document-
template-file-management-with-sharepoint.aspx
List Definition Governance
Use Lists Based on Content Types
List content
- Use only a few content types
- Content types must be cohesive
- Prefer list views over folders
List permissions
- Prefer using inherited permissions
- Avoid user item level permissions
Content Management
- Versioning, Check-in/out, Workflows
Information Rights Management
- Policies for usage and access restrictions
Information management policies
- Retention, Auditing, Labeling / barcodes
Search Governance
Findability and Information Security
Ease of adding information assets to correct location
- Users should not have to enter a lot of required metadata
- Users should not have to browse/navigate a lot to store content
- Task context should deduce location, ref CRM document store
Metadata tagging through content types for all findable assets
Search scopes
Faceted search
- http://www.codeplex.com/FacetedSearch
Information isolation
- Separate SSP or even separate farms
Permissions Guidance
Simple Permissions Policies is More Secure
Use AD „security groups‟ to manage user group memberships
- Note need for management rights on AD groups
Do not assign permissions to single users, always assign to groups
Prefer inherited user groups (role definitions)
Prefer inherited permissions (role assignments)
Avoid assigning item level permissions
Site-collections are preferred permission management boundaries
The more diverse and fine-grained permissions assignments you have,
the harder it is to know who has access to what – and the more likely it
is that there will be information security breaches
Shared Metadata Governance
Metadata across Multiple Site-Collections
Metadata
- Content types with site columns including lookups
- List definitions
- Management and distribution from master to applications
Reference data
- Typically values for lookup type site columns
- Management and distribution from master to applications
Always plan and test how to replicate shared metadata across your
designed site-collection topology
Metadata replication software
- Custom development
- Echo or DocAve
- Look for new functionality in Office 14
Metadata Usage
Open Solutions @ CodePlex
Community Kit
- Social bookmarking
- Tag cloud
• Enhanced wiki edition
• Enhanced blog edition
• Enhanced discussion board edition
- http://www.codeplex.com/CKS
Faceted search
- http://www.codeplex.com/FacetedSearch
…and a lot more not related to metadata
- http://sharepoint.microsoft.com/blogs/mikeg/Lists/Posts/Post.aspx?ID=1066
Quota Governance
SharePoint Administration, SQL Server Monitoring
Plan for software boundaries
- http://technet.microsoft.com/en-us/library/cc262787.aspx
MySite (site-collection)
- Storage size (default 100MB)
Site-Collection
- Storage size
- Notification e-mail on size threshold
- Usage reports
Document
- Upload size (default 50MB, max 2GB)
Content Database
- Recommended max 100GB
- Recommended max 50.000 site-collections pr DB
Development Governance
Design-Time Governance for Upgradability
Site Design
- Use standard site-definitions with feature stapling
- Avoid custom site-definitions and site-templates
- Do not use SharePoint Designer, except for prototyping
- http://msdn.microsoft.com/en-us/magazine/cc507633.aspx
Workflows
- Do not use SharePoint Designer, except for prototyping
Branding
- Do not use SharePoint Designer, except for prototyping
Document Information Panel (DIP)
- Prefer standard DIPs, avoid customization
- If customized using InfoPath, all clients must have InfoPath installed to use
the customized DIPs
Patterns & Practices SharePoint Guidance
Guidance & Reference Implementation
Helps architects and developers design, build, test, deploy, and upgrade
SharePoint intranet applications
Demonstrates solutions to common architectural, development, and
application lifecycle management challenges
- http://www.microsoft.com/downloads/details.aspx?FamilyId=C3722DBA-
6EE7-4E0E-82B5-FDAF3C5EC927&displaylang=en
- http://spg.codeplex.com/