Top 10 Bad Practices
description
Transcript of Top 10 Bad Practices
Top 10 Bad PracticesSharePoint_ITP220
Ben Curry, CISSP, Microsoft SharePoint MVP
AgendaWhat is a Best Practice?What is a Bad Practice?The Top 10 Bad Practices
See http://mindsharpblogs.com/ben for details on each of these topics. I’ll be writing on these for the next few weeks.
What is a Best Practice? Adapts to culture, politics, business, and
security Intellectually Simple
Practical application may be difficult Aligns with organizational strategy Intentional, Deliberate practice for a given set
of requirements Often different between verticals
What is a Bad Practice? Ignores expert advice Doesn’t account for business requirements Directly conflicts with design, examples are:
SLA Configuration management Change management Security Policy
Ignores corporate culture
Example Bad Practice
The Top 10 Bad Practices
It’s worth noting that every organization will have a different set of the “Top 10”
#1 – No Implementation Methodology
“setup.exe, I Agree, Next, Next, Finish” is chaos waiting to happen
Pick one and stay with it ITIL, PMI, MSF/MOF, Agile, INCOSE See sessions by Paul Culmsee, Andrew
Woodward, and Ruven Gotz Should align with corporate strategy Consistency is key Requires Stakeholder support
Minimum Implementation Plan: Get the stakeholders involved Gather requirements from the business people (the more
interviews, the better) Create a project plan Get some training! Engage the services of an architect if you don't have one on
staff Create an IT Governance (assurance) plan for the project Prototype solutions Create a Test and/or Development environment Execute a test plan Document, Document, Document!
#2 – Lack of Requirements
Business Executives, Managers, Business Analysts Information Workers
Technical Power Users IT Staff
Performance Policy
IA, Security
Requirements Gathering Define ‘need’ versus ‘want’ and prioritize
accordingly Elicitation Techniques
Traditional – questionnaires, surveys, discussion groups
Existing Systems Pain Points as Requirements Group – brainstorming, lunch and learn (free
food) Prototyping Contextual
#3 – Insufficient Training
Leads to poorly implemented, under-engineering, over-engineered, underutilized, and impossible to use systems
Who should I train? Stakeholders (end user training) Information Workers Business Analysts Administrators and Developers Designers and Architects
EXAMPLE TRAINING SOLUTION:
UserVersity Certification Paths Collaboration Specialist
Be able to use the tools such as search, navigational aids, site directory to navigate and find content within SharePoint. Use of list and libraries within a site including all list and library features. Collaboration within workspace sites, wiki sites and blog sites.
My Sites SpecialistPersonalize My Profile in My Site, Manage Colleagues in My Site and use the colleague tracker web
part, Microsoft Office 2007 integration with My Site, SharePoint sites web parts, My workspaces web part, recent blog posts web part and the My Links drop-down, User Libraries In My Sites.
Security SpecialistKnow how on security in WSS 3.0, Manage permission levels and SharePoint groups, Create custom
permission levels and SharePoint groups, Manage access to a Site, Manage access to a library or list, Manage permission inheritance.
Publishing SpecialistOverview of Microsoft Office SharePoint Server 2007, Overview of Web Content Management. Create
pages in Publishing sites, Edit pages in Publishing sites, Approve content in Publishing sites, Version history in Publishing sites, Overview of News sites.
Content Management Specialist – separate slide
Site Creation and Customization Specialist - separate slide
#4 – No Governance Plan
While everyone doesn’t agree on what governance is, you still need it Assurance or Governance?
Does it align with IT Governance? Corporate Governance?
Preliminary Governance Requirements
• Backup/Restore*• Authentication*• Authorization• System Monitoring*• Antivirus*• IT vendor oversight• Alerting/Notification• Auditing Policies• Distribution
• Usage Reporting• Search Security*• Versioning• Branding• Custom
Development• Publication• Taxonomy• Retention
#5 – Not Using Solutions for Customization
Why don’t people use them? Don’t know how Too difficult Too lazy (sorry in advance if this applies)
Hard to maintain consistency without them Can dramatically increase maintenance costs
Web Part Maintenance Example A Web Part requires:
.dll .webpart XML Feature.xml Elements.xml Safe Control CAS (if applicable)
So if a single server, and single Web part, then 6 actions to deploy…but…
What if you have 3 servers x 3 Web apps? 36 actions! A .dll to be deployed to the web application BIN directory so that it can
implement Code Access Security. (Deploy to 3 web app bin directories on 3 servers = 9 changes)
A .webpart XML file (Deploy to 12\TEMPLATE\FEATURES on 3 servers = 3 changes)
A Feature.xml file (Deploy to 12\TEMPLATE\FEATURES on 3 servers = 3 changes)
An Elements.xml file (Deploy to 12\TEMPLATE\FEATURES on 3 servers = 3 changes)
A Safe Control entry for the web application’s web.config file (Change the web.config file for 3 web applications on 3 servers = 9 changes)
Code Access Security policies that defines what the web part will be allowed to do. (Change the web.config file for 3 web applications on 3 servers = 9 changes)
#6 – Insufficient DR Planning and Testing
Define RPO and RTO Targets Recovery Point Objective Recover Time Objective Get Stakeholders buy-in and agreement
Define granularity of restores SQL + Native Backups or 3rd Party Solutions High Availability Document, Test, Refine, Document
#7 – Lack of Capacity Planning and Testing
What works for 1 user may not work for 500 Lots of tools for testing
Visual Studio Team Suite, Fiddler, Ping.exe, wireshark, etc.
Software vs. Hardware Boundaries See Mike Watson’s blog and TechNet
Plan for the worst, hope for the best! Don’t guess – know
#8 – No Configuration/Change Management
Windows Server platforms, IIS Configuration Information Management Policies / Auditing SharePoint Web Applications SQL Server Dependent systems (e.g. via BDC) Site Collection / Sites AuthN and AuthR Content Types, Metadata, etc.
#9 – Solving Every Problem With SharePoint
It’s a tool – use the right tool for the job SharePoint commonly addresses:
Forms, business workflows, Task Order Management, calendaring, collaboration, search, aggregation, search, organization, presentation
SharePoint probably doesn’t address: CRM, Accounting, ERP, ERM, Time & Expense,
Portfolio Management, and Resource Management
#10 – No Information Organization / Information Architecture Lack of consistency in how data is input into the
information system Lack of agreed-upon meanings for metadata
keywords, lowering findability Data redundancy goes up, incurring incremental
costs Lack of findability of information in an e-discovery
proceeding can cost millions, jury might infer fraud Inefficient IA costs much more than a IOPS
#11 – Solving Every Problem With Code
Developers love to write code If there’s a problem, writing code will fix it
Use OOB Web parts as much as possible Refer to original business requirements
before customizing SharePoint Test before implementing Test before upgrades, Service Packs, etc. Remember when adding servers to the farm!
Thank you for attending!
Please fill out your evaluation and turn it in on the back table!