Planning Microsoft® SharePoint® Governance: How to Implement an Effective Governance Plan in SharePoint,Roberto Vazquez DelgadoAvePoint – Technical Solutions Professional

Roberto.Delgado@AvePoint.com

AvePoint Corporate Overview

Specialized

• Founded and Debuted in 2001• World's Largest SharePoint-Exclusive Research & Development Team

with 1,000 Employees (600+ in R&D)

Experienced

• World's Largest Provider of Enterprise-Class Governance and Infrastructure Management Solutions

• 25 Offices, 13 Countries in 5 Continents & 8000+ Customers

Invested

• Depth-Managed, Microsoft Certified Partner• Comprehensive SharePoint Governance & Management Platform• Offering True 24 x 7 Support - Microsoft Certified Technicians

Agenda

• Definition and Purpose of Governance• SharePoint Governance Challenges

– IT Governance– Information Governance– Application Management

• What does SharePoint Governance look like?– Out of the box capabilities – When to think about additional technology options

• Final Considerations

Bringing your governance plan into focus…

Key Players of Governance

People

Process

Technology

Policy

Governance Spectrum

ChaosRestricted

Introducing a Governance Plan

Integration

Applications

Collaboration

Content

Information Governance

Application Management

IT Governance

Today’s Focus Areas for SharePoint Governance

• IT governance of the software itself and the services you provide

• Information governance of the content and information that users store in those services.

• Application governance of the custom solutions you provide

Getting the right tools for the job…

• Standard administration interfaces– Quotas, locks, permissions,

records management• Powershell

– Administrative functions, Data protection

• SharePoint services and features– Managed metadata service for

classification– ISV solutions for management

• SharePoint Designer, Visual Studio

ManualAutomated

IT Governance

Centrally Managed Locally

Managed

A successful IT service includes the following elements:

• A governing group defines the initial offerings, policies, and evaluates success of the service• The policies you develop are communicated to your enterprise and are enforced• Users are encouraged to use the service and not create their own solutions – installations are

tracked• Multiple services are offered to meet different needs in your organization

Software, Services, and Sites are hosted and managed centrally by a core IT group

Software, Services, and Sites are hosted and

managed locally by individual groups

Service-level agreements should include:

• Length of time and approvals necessary to create a site.• Costs for users/departments.• Operations-level agreement – which teams perform which

operations and how frequently.• Policies around problem resolution through a help desk.• Negotiated performance targets for first load of a site,

subsequent loads, and performance at remote locations.• Availability, recovery, load balancing, and failover strategies.• Customization policies.• Storage limits for content and sites.• How to handle inactive or stale sites.

Reports and Inventory of Usage

• Web Analytics Reporting– Traffic– Search– Inventory

• PowerShell• Inventory

– Sites– Quotas– Content Types– Branding– Customizations– Security

Simplifying IT Governance Implementation with Technology

CONSIDER 3RD PARTY TOOLS TO:• Centrally enforce limitations – plans and policies for

– Data Protection, Recovery, and Availability– Audit Policies– Permission management

• Scalability in Management– Giving IT Teams the technology to manage thousands of

users– Terabytes of Content– Millions of Audit Records

Providing IT Assurance with DocAve

© 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

Ensure service availability

Quickly recover lost or corrupted content

Manage SharePoint growth and configuration

Workflows

SharePoint Storage

ApplicationsSolutions

DocAve Data Protection Scope

Enhancing Security and Compliance

© 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

Compliance, Appropriateness, and Restrictions

Map user access & permissions to all content

Monitor user and item access and activity

Implement auditing policies in accordance with

regulatory guidelines

Ensure content compliance

Security

Configurations

Reports

Search

Storage

Information Governance

Content is tagged with structured metadata, permissions are tightly controlled, content is archived or purged per retention schedules.

Content is tagged only socially and not tracked; permissions and archiving are not controlled or managed.

Appropriate for:• Structured content• High-business-impact content• Personal identifiable

information• Records

Appropriate for:• Low-business-

impact content• Short-term projects• Records• Collaboration

Loosely Managed Highly

Restricted

Information Architecture vs. Management

Information Architecture

• Organize and describe content– Metadata– Structure– Relationships

• Inputs– Knowledge Management team– Librarians– Content owners– Subject matter experts (SMEs)

• Outcomes– Site map (navigation)– Taxonomy– Search– Targeting (audiences)

Management

• Manage the content & service– Access levels (permissions)– Lifecycle– Storage

• Inputs– Information management policies– IT usage policies– Regulatory environment– SLAs

• Outcomes– Access levels– Records management– Compliance– Performance

@danholme

Information Architecture

Wireframe & Site

Map

Search & Navigation

Managed Metadata

Content Types

Information Architecture

Management controls and scopes

Service

Application

Configuration and Data

Farm

Web Application Service ApplicationZone

Content DB

Site collection

Top-level site

List/Library

[Folder]

Item / Document

Sub site Sub site

Security Permissions

Features

Data Storage

SLAs

Blocked File Types

SSL

SharePoint Service Isolation

Quotas

Security Permissions

Ownership

(Full Control)

Information Access

Determine the rules or policies that you need to have in place for the following types of items:

• Pages• Lists• Documents• Records• Rich media

• Blogs and Wikis• Anonymous comments• Anonymous access• Terms and term sets• External data

Information Management: Permissions and Audiences

How do I structure permissions in a

site?

How do I target content to specific

audiences?

Should I use Information Rights Management (IRM) to protect content?

IT Governance: Access

How do I make this content accessible to external users?

How do I make sure that only people

who need access have it?

Information Assessment

Availability

AccessRedundancy

Birth Life Rest

Information Lifecycle Management

Managing Information and Storage with DocAve

© 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

Security

Configurations

Search

Reports

Storage

Optimize & evaluate content utilization to decrease storage costs

Automate administrative tasks for content, polices, & security to control proliferation

Enable efficient content lifecycle management while enforcing policies and standards

Strictly Managed Loosely

Managed

Application Management

Determine customization types you want to allow, and how to manage them:• Service level descriptions• Processes for analyzing customizations• Process for piloting and testing customizations• Guidelines for packaging and deploying

customizations

• Guidelines for updating customizations• Approved tools for development• Who is responsible for ongoing code

support• Specific policies regarding each potential

type of customization (done through the UI or SD)

Customizations must adhere to customization policy, deployments and updates tested and rigorously managed.

Rules about development environments or

customizations are less rigid.

Customizations & Branding

• Isolate custom solutions: Sandbox Solutions– Cannot use certain computer and network resources – Cannot access content outside the site collection they are deployed in. – Can be deployed by a site collection administrator. – Governed: only a farm administrator can promote a sandboxed solution to run

directly on the farm in full trust. • Master Pages and Page Layouts• Themes• To “Designer” or not to “Designer”• Separate development, pre-production, and production environments

(keep these environments in sync)

Challenges with SharePoint development

• Environment setup• Platform learning curve• Toolset support• Team development• Versioned releases

http://wss.made4the.net/archive/2009/10/26/factors.aspxhttp://wss.made4the.net/archive/2009/07/06/how-asp-net-developers-can-leverage-sharepoint-webcast.aspx

@jthake

Application Lifecycle Management

Source: Microsoft TechNet, MSDN, and blogs

Streamlining ALM with DocAve

• Centrally enable or disable SharePoint Designer• Control propagation of artifacts, customizations and solutions within or

across environments• Compare environments for selective artifact propagation• Easily copy content from production back to dev/text environments to

increase testing quality

WFE Elements

Solutions

Customizations

WFE Elements

Solutions

Customizations

WFE Elements

Solutions

Customizations

Development Staging Production

Implementing Governance Policies

Governance Plans

Backup

1 hour

1 day

1 week

Storage

Tier 1 – SAN

Tier 2 – NAS

Tier 3 – Azure

InfoMgmt

7 years

3 years

1 year

Auditing

Full Audit

Views + Edits

Views

Quotas

10 GB

50 GB

100 GB

Customizations

SP Designer

Site Galleries

Sandbox Solutions

Information

Ownership

Content Types

Ethical Walls

SharePoint Policy Bundles

Gold Silver Bronze

Backup 1 hour 1 day 1 week

Storage Policy (RBS) Tier 1 – SAN Tier 2 – NAS Tier 3 – Azure

Info Mgmt Policies 7 years 3 years 1 year

Auditing Full View + Edits Views

SharePoint Designer Enabled Disabled Disabled

Content Database Isolated DB Shared Shared

Sandboxed Solutions Enabled Disabled Disabled

Quota 100Gb 50Gb 10Gb

Cost $$$$$$ $$$$ $$

Maturing Governance in the Organization

© 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

Manual

• Resource Intensive• Rely on People to

police themselves

Semi-Automated

• DocAve Software Platform

• Powershell

Automated

• What’s next: Governance Automation

Governance Plan

Service Request Type - Site Collection Request

Sales

Policy Silver

Security Sales Management

Site Templates Custom Sales Template

Service Type Metadata

Acct Type: EPG/SMB/FIN

Workflow 1 Step

Global Metadata Location

Primary/Secondary Site Contact

*Fill in the blank*

HR

Silver, Bronze

HR Management

Enterprise Wiki

3 Step

Location

*Fill in the blank*

Project

Gold, Silver

Marketing Management

Team Site, Publishing Site

2 Step

Location

*Fill in the blank*

Service Request Types – Surfacing Options to Content Owners and Business Users

• Site Collection Request• Transfer / Clone User Request• Site Collection Content Lifecycle Request• Sub-site Request• Content Move Request• Solution Package Deployment Request• Gallery Artifact Deployment Request• Recover Content Request• Report Request

Key takeaways

• Governance is there to ensure IT solutions achieve business goals

• Start simple• Training• Keep it fresh• Don’t have a policy unless you can enforce it

Contact

AvePoint

Phone(201) 793-11111-800-661-6588 (toll-free)

Email sales@avepoint.com

Social & Community

www.DocAve.com

http://www.facebook.com/AvePointInc

@AvePoint_Inc

Roberto V. Delgado

Slides (sorry, no phone )www.slideshare.net/robertovd

Email

roberto.delgado@avepoint.com

Social & Community

www.DocAve.com

www.facebook.com/AvePointInc

@sharepointrober

Resources

Product Info: http://www.avepoint.com/sharepoint-solutions/governance-and-compliance

NEW PRODUCT! Governance Automation: http://www.avepoint.com/GovernanceAutomationWebsite houses all white papers, case studies, download links, datasheets, etc!

Download a FREE, fully-enabled 30 Day trial of DocAve at www.avepoint.com/download

Additional Resources (Please Click Images or Visit www.AvePoint.com/resources)

Customer Success Stories WhitePapers from AvePoint’s Own SharePoint Experts

© 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.