Top 10 Bad Practices SharePoint_ITP220 Ben Curry, CISSP, Microsoft SharePoint MVP Agenda What is a Best Practice? What is a Bad Practice? The Top 10 Bad Practices See http://mindsharpblogs.com/ben for details on each of these topics. I’ll be writing on these for the next few weeks. What is a Best Practice? Adapts to culture, politics, business, and security Intellectually Simple Practical application may be difficult Aligns with organizational strategy Intentional, Deliberate practice for a given set of requirements Often different between verticals What is a Bad Practice? Ignores expert advice Doesn’t account for business requirements Directly conflicts with design, examples are: SLA Configuration management Change management Security Policy Ignores corporate culture Example Bad Practice The Top 10 Bad Practices It’s worth noting that every organization will have a different set of the “Top 10” #1 – No Implementation Methodology “setup.exe, I Agree, Next, Next, Finish” is chaos waiting to happen Pick one and stay with it ITIL, PMI, MSF/MOF, Agile, INCOSE See sessions by Paul Culmsee, Andrew Woodward, and Ruven Gotz Should align with corporate strategy Consistency is key Requires Stakeholder support Minimum Implementation Plan: Get the stakeholders involved Gather requirements from the business people (the more interviews, the better) Create a project plan Get some training! Engage the services of an architect if you don't have one on staff Create an IT Governance (assurance) plan for the project Prototype solutions Create a Test and/or Development environment Execute a test plan Document, Document, Document! #2 – Lack of Requirements Business Executives, Managers, Business Analysts Information Workers Technical Power Users IT Staff Performance Policy IA, Security Requirements Gathering Define ‘need’ versus ‘want’ and prioritize accordingly Elicitation Techniques Traditional – questionnaires, surveys, discussion groups Existing Systems Pain Points as Requirements Group – brainstorming, lunch and learn (free food) Prototyping Contextual #3 – Insufficient Training Leads to poorly implemented, underengineering, over-engineered, underutilized, and impossible to use systems Who should I train? Stakeholders (end user training) Information Workers Business Analysts Administrators and Developers Designers and Architects EXAMPLE TRAINING SOLUTION: UserVersity Certification Paths Collaboration Specialist Be able to use the tools such as search, navigational aids, site directory to navigate and find content within SharePoint. Use of list and libraries within a site including all list and library features. Collaboration within workspace sites, wiki sites and blog sites. My Sites Specialist Personalize My Profile in My Site, Manage Colleagues in My Site and use the colleague tracker web part, Microsoft Office 2007 integration with My Site, SharePoint sites web parts, My workspaces web part, recent blog posts web part and the My Links drop-down, User Libraries In My Sites. Security Specialist Know how on security in WSS 3.0, Manage permission levels and SharePoint groups, Create custom permission levels and SharePoint groups, Manage access to a Site, Manage access to a library or list, Manage permission inheritance. Publishing Specialist Overview of Microsoft Office SharePoint Server 2007, Overview of Web Content Management. Create pages in Publishing sites, Edit pages in Publishing sites, Approve content in Publishing sites, Version history in Publishing sites, Overview of News sites. Content Management Specialist – separate slide Site Creation and Customization Specialist - separate slide #4 – No Governance Plan While everyone doesn’t agree on what governance is, you still need it Assurance or Governance? Does it align with IT Governance? Corporate Governance? Preliminary Governance Requirements • • • • • • • • • Backup/Restore* Authentication* Authorization System Monitoring* Antivirus* IT vendor oversight Alerting/Notification Auditing Policies Distribution • • • • • Usage Reporting Search Security* Versioning Branding Custom Development • Publication • Taxonomy • Retention #5 – Not Using Solutions for Customization Why don’t people use them? Don’t know how Too difficult Too lazy (sorry in advance if this applies) Hard to maintain consistency without them Can dramatically increase maintenance costs Web Part Maintenance Example A Web Part requires: .dll .webpart XML Feature.xml Elements.xml Safe Control CAS (if applicable) So if a single server, and single Web part, then 6 actions to deploy…but… What if you have 3 servers x 3 Web apps? 36 actions! A .dll to be deployed to the web application BIN directory so that it can implement Code Access Security. (Deploy to 3 web app bin directories on 3 servers = 9 changes) A .webpart XML file (Deploy to 12\TEMPLATE\FEATURES on 3 servers = 3 changes) A Feature.xml file (Deploy to 12\TEMPLATE\FEATURES on 3 servers = 3 changes) An Elements.xml file (Deploy to 12\TEMPLATE\FEATURES on 3 servers = 3 changes) A Safe Control entry for the web application’s web.config file (Change the web.config file for 3 web applications on 3 servers = 9 changes) Code Access Security policies that defines what the web part will be allowed to do. (Change the web.config file for 3 web applications on 3 servers = 9 changes) #6 – Insufficient DR Planning and Testing Define RPO and RTO Targets Recovery Point Objective Recover Time Objective Get Stakeholders buy-in and agreement Define granularity of restores SQL + Native Backups or 3rd Party Solutions High Availability Document, Test, Refine, Document #7 – Lack of Capacity Planning and Testing What works for 1 user may not work for 500 Lots of tools for testing Visual Studio Team Suite, Fiddler, Ping.exe, wireshark, etc. Software vs. Hardware Boundaries See Mike Watson’s blog and TechNet Plan for the worst, hope for the best! Don’t guess – know #8 – No Configuration/Change Management Windows Server platforms, IIS Configuration Information Management Policies / Auditing SharePoint Web Applications SQL Server Dependent systems (e.g. via BDC) Site Collection / Sites AuthN and AuthR Content Types, Metadata, etc. #9 – Solving Every Problem With SharePoint It’s a tool – use the right tool for the job SharePoint commonly addresses: Forms, business workflows, Task Order Management, calendaring, collaboration, search, aggregation, search, organization, presentation SharePoint probably doesn’t address: CRM, Accounting, ERP, ERM, Time & Expense, Portfolio Management, and Resource Management #10 – No Information Organization / Information Architecture Lack of consistency in how data is input into the information system Lack of agreed-upon meanings for metadata keywords, lowering findability Data redundancy goes up, incurring incremental costs Lack of findability of information in an e-discovery proceeding can cost millions, jury might infer fraud Inefficient IA costs much more than a IOPS #11 – Solving Every Problem With Code Developers love to write code If there’s a problem, writing code will fix it Use OOB Web parts as much as possible Refer to original business requirements before customizing SharePoint Test before implementing Test before upgrades, Service Packs, etc. Remember when adding servers to the farm! Thank you for attending! Please fill out your evaluation and turn it in on the back table!