230 likes | 399 Views
Best Practices for SharePoint Administration. ILTA: SharePoint for Legal 2009 Symposium June 17 th 2009. Agenda. Introductions Evan Callender – Senior Architect – West Monroe Partners Topics Central Administration Governance Backup and Restore Content Databases Large Farms
E N D
Best Practices for SharePoint Administration ILTA: SharePoint for Legal 2009 Symposium June 17th 2009
Agenda • Introductions • Evan Callender – Senior Architect – West Monroe Partners • Topics • Central Administration • Governance • Backup and Restore • Content Databases • Large Farms • Content Tracking • Identity Management • Top 10 • Q&A
Central Administration • Farm Administrators • By Default, the System Account that was set up during the initial MOSS/WSS with be the sole account with Farm Administration rights • Best practice is to keep this default settings. However, additional users can be granted Farm Administrator access • Site Quotas • Quotas can be set to limit the amount of content a site can contain • Site Quota templates provide an automated content quota on all new sites created using the template
Governance Plans • A Sound Governance Plan will provide an organization a comprehensive containing key details around that organizations SharePoint Solution and accompanying governance policies including: • Authority to create Sub-Sites • User access rights to all areas of the SharePoint Solution • Responsible parties for all pertinent sections of a successful SharePoint Solution including: • Site and Sub-Site Administrators • IT Administrators • Database Administrators • Support Levels • Technical Resources • Reference: Microsoft Governance Plan Template
Backup and Restore Running scheduled backups is vital to the success of a SharePoint Solution. Backups generally take place at both the database (SQL) level and the site level. SQL Database Backups • Maintenance plans and transaction log checkpoints • Issues with a restore of the SharePoint configuration databases Site Level Backups • Administrators can use the “stsadm –o backup” command for site collection level backups • These backup files can be used to restore the site collection to a previous state Site Export/Import • At a more targeted level, the “stsadm –o export” and “stsadm –o import” commands can be used to backup individual Sites and import them where needed
Backup and Restore SharePoint Backups • Configured and managed in Central Admin • Not heavily used Data Protection Manager – High level points on the solutions • Continuous data protection for Windows • Rapid and reliable Recoveries from the item to catastrophic level • Advanced technology for enterprises of all sizes 3rd Party • Handful of tools that allow for item level restores and setting up granular backups for different areas of the farm
Managing Content Databases Site Collection Storage Limits and Warnings in Central Administration • Site Collections can be locked down at different levels • Site Collections can be limited to a maximum size of content • Site Collections can also have warning emails configured to send when content size reaches a certain limit Mapping SQL Growth • The database should be configured to grow correctly in order to avoid segmentation (more later) • Online Database vs. Offline Database
Content Database Administration • Size of databases and number of sites • 50 to 100 GB per • Number of sites varies based on size • Segmenting different types of sites • Internal vs. external • Departmental • MySites • How are your databases growing? • Auto growth settings • Transaction logs • Quotas and limits • Other databases to watch • Shared services search • Sharepoint configuration
Large or Multiple Farms When running multiple farms, it is vital to have a effective method to monitor all content. There are a number of third party tools that can prove to be beneficial Quest Administration Toolkit • Contains 30 operational reports, ability to build custom reports, set global policy settings, manage permissions and provide audit data and reports for the entire SharePoint environment • Features Include: • Discover and understand the extent of SharePoint • Establish security policies by managing all access and permissions to information • Help ensure compliance by providing a consolidated report of log data on activities • Validate the health and performance of SharePoint servers and sites • Analyze metrics, trends and user activity to provide quality information to stakeholders • Optimize IT’s time by issuing global policy configurations to all servers and sites
Large or Multiple Farms AvePoint DocAve SharePoint Administrator • Offers a central console for administrators to easily view, search, manage, report, and replicate settings, configurations, and securities of SharePoint objects (individually or in bulk). • Features Include: • Real-time Discovery and Monitoring • Administration and Security Management • Advanced STSADM Graphical User Interface • Management and Reporting
Large Farms Microsoft Administration Toolkit • Contains the ability to perform bulk operations on site collections, an Stsadm operation to update alert e-mails after the URL for a Web application has been changed, and a User Profile Replication Engine tool • Additional Features Include: • Batch Site Manager • User Profile Replication Engine • Customizable MSI • The MSI also supports the /quiet switch for quiet installation.
Multiple Sites The key to a successful SharePoint Solution is to set up the appropriate site/sub-site structure and its related permissions. • If you are going to break permissions each Site should have it’s own groups of Owners, Members and Visitors • Owners: Full Control • Members: Contribute • Visitors: Read Only
Security Groups Security Groups: Active Directory vs. SharePoint • In organizations in which an Active Directory structure is already established, those AD groups can be utilized within SharePoint Groups • When to use Active Directory and when to use only SharePoint Groups? • AD Groups can be used across site collections • SharePoint groups are defined at the site collection level and have to be manually replicated to other site collections • Best Practices for utilizing SharePoint Security Inheritance • Attempt to have base permissions set at the root site level • While inheritance can be broken down to the document level, there is a limit to the number of items with broken inheritance in a document library SP Group: Global Owners Sample Security Groups AD Group: SP_Administrators SP Group: Global Members AD Group: SP_Managers AD Group: SP_ProjectMgrs SP Group: Global Visitors AD Group: NT_ AuthenticatedUsers AD Group: SP_ProjectMgrs
Where is my Valuable Content? • Site Collection Usage Reports
Where is my Valuable Content? • Site Collection Usage Reports
Where is my Valuable Content? • Search Usage Reports
Where is my Valuable Content? • Policy Auditing
Identity Management • Active Directory • ADAM • SQL • Third party of custom applications • Virtual Identity Server (VIS) from Optimal IdM
Top 10 . . . . . . Thing to keep in mind about SharePoint Administration • Who is a farm administrator? • Who gets to be site collection administrator? • Managing Custom Development (Solutions/Features) • Database Growth • Site Creation and Growth • Leveraging Active Directory (groups profile) • Governance Plan (Define roles across entire solution) • SharePoint Update Path and Process • External vs. Internal User Access • Backups – catastrophic vs. item level
Questions Q & A
Contact Information • To learn more about West Monroe Partners and our SharePoint experience please contact us at: • Evan Callender ecallender@westmonroepartners.com 312.980.9476 • Doug Armstrong darmstrong@westmonroepartners.com 312.980.9439 • Mary Jummati mjummati@westmonroepartners.com 312.980.9343
References • AvePoint: http://www.avepoint.com/sharepoint-administration-docave • Quest: http://www.quest.com/site-administrator-for-sharepoint • MS Administrator Toolkit: http://sharepoint.microsoft.com • Virtual Identity Server: http://www.optimalidm.com/products/vis/