Top 10 Bad PracticesSharePoint_ITP220

Ben Curry, CISSP, Microsoft SharePoint MVP

AgendaWhat is a Best Practice?What is a Bad Practice?The Top 10 Bad Practices

See http://mindsharpblogs.com/ben for details on each of these topics. I’ll be writing on these for the next few weeks.

What is a Best Practice? Adapts to culture, politics, business, and

security Intellectually Simple

Practical application may be difficult Aligns with organizational strategy Intentional, Deliberate practice for a given set

of requirements Often different between verticals

What is a Bad Practice? Ignores expert advice Doesn’t account for business requirements Directly conflicts with design, examples are:

SLA Configuration management Change management Security Policy

Ignores corporate culture

Example Bad Practice

The Top 10 Bad Practices

It’s worth noting that every organization will have a different set of the “Top 10”

#1 – No Implementation Methodology

“setup.exe, I Agree, Next, Next, Finish” is chaos waiting to happen

Pick one and stay with it ITIL, PMI, MSF/MOF, Agile, INCOSE See sessions by Paul Culmsee, Andrew

Woodward, and Ruven Gotz Should align with corporate strategy Consistency is key Requires Stakeholder support

Minimum Implementation Plan: Get the stakeholders involved Gather requirements from the business people (the more

interviews, the better) Create a project plan Get some training! Engage the services of an architect if you don't have one on

staff Create an IT Governance (assurance) plan for the project Prototype solutions Create a Test and/or Development environment Execute a test plan Document, Document, Document!

#2 – Lack of Requirements

Business Executives, Managers, Business Analysts Information Workers

Technical Power Users IT Staff

Performance Policy

IA, Security

Requirements Gathering Define ‘need’ versus ‘want’ and prioritize

accordingly Elicitation Techniques

Traditional – questionnaires, surveys, discussion groups

Existing Systems Pain Points as Requirements Group – brainstorming, lunch and learn (free

food) Prototyping Contextual

#3 – Insufficient Training

Leads to poorly implemented, under-engineering, over-engineered, underutilized, and impossible to use systems

Who should I train? Stakeholders (end user training) Information Workers Business Analysts Administrators and Developers Designers and Architects

EXAMPLE TRAINING SOLUTION:

UserVersity Certification Paths Collaboration Specialist

Be able to use the tools such as search, navigational aids, site directory to navigate and find content within SharePoint. Use of list and libraries within a site including all list and library features. Collaboration within workspace sites, wiki sites and blog sites.

My Sites SpecialistPersonalize My Profile in My Site, Manage Colleagues in My Site and use the colleague tracker web

part, Microsoft Office 2007 integration with My Site, SharePoint sites web parts, My workspaces web part, recent blog posts web part and the My Links drop-down, User Libraries In My Sites.

Security SpecialistKnow how on security in WSS 3.0, Manage permission levels and SharePoint groups, Create custom

permission levels and SharePoint groups, Manage access to a Site, Manage access to a library or list, Manage permission inheritance.

Publishing SpecialistOverview of Microsoft Office SharePoint Server 2007, Overview of Web Content Management. Create

pages in Publishing sites, Edit pages in Publishing sites, Approve content in Publishing sites, Version history in Publishing sites, Overview of News sites.

Content Management Specialist – separate slide

Site Creation and Customization Specialist - separate slide

#4 – No Governance Plan

While everyone doesn’t agree on what governance is, you still need it Assurance or Governance?

Does it align with IT Governance? Corporate Governance?

Preliminary Governance Requirements

• Backup/Restore*• Authentication*• Authorization• System Monitoring*• Antivirus*• IT vendor oversight• Alerting/Notification• Auditing Policies• Distribution

• Usage Reporting• Search Security*• Versioning• Branding• Custom

Development• Publication• Taxonomy• Retention

#5 – Not Using Solutions for Customization

Why don’t people use them? Don’t know how Too difficult Too lazy (sorry in advance if this applies)

Hard to maintain consistency without them Can dramatically increase maintenance costs

Web Part Maintenance Example A Web Part requires:

.dll .webpart XML Feature.xml Elements.xml Safe Control CAS (if applicable)

So if a single server, and single Web part, then 6 actions to deploy…but…

What if you have 3 servers x 3 Web apps? 36 actions! A .dll to be deployed to the web application BIN directory so that it can

implement Code Access Security. (Deploy to 3 web app bin directories on 3 servers = 9 changes)

A .webpart XML file (Deploy to 12\TEMPLATE\FEATURES on 3 servers = 3 changes)

A Feature.xml file (Deploy to 12\TEMPLATE\FEATURES on 3 servers = 3 changes)

An Elements.xml file (Deploy to 12\TEMPLATE\FEATURES on 3 servers = 3 changes)

A Safe Control entry for the web application’s web.config file (Change the web.config file for 3 web applications on 3 servers = 9 changes)

Code Access Security policies that defines what the web part will be allowed to do. (Change the web.config file for 3 web applications on 3 servers = 9 changes)

#6 – Insufficient DR Planning and Testing

Define RPO and RTO Targets Recovery Point Objective Recover Time Objective Get Stakeholders buy-in and agreement

Define granularity of restores SQL + Native Backups or 3rd Party Solutions High Availability Document, Test, Refine, Document

#7 – Lack of Capacity Planning and Testing

What works for 1 user may not work for 500 Lots of tools for testing

Visual Studio Team Suite, Fiddler, Ping.exe, wireshark, etc.

Software vs. Hardware Boundaries See Mike Watson’s blog and TechNet

Plan for the worst, hope for the best! Don’t guess – know

#8 – No Configuration/Change Management

Windows Server platforms, IIS Configuration Information Management Policies / Auditing SharePoint Web Applications SQL Server Dependent systems (e.g. via BDC) Site Collection / Sites AuthN and AuthR Content Types, Metadata, etc.

#9 – Solving Every Problem With SharePoint

It’s a tool – use the right tool for the job SharePoint commonly addresses:

Forms, business workflows, Task Order Management, calendaring, collaboration, search, aggregation, search, organization, presentation

SharePoint probably doesn’t address: CRM, Accounting, ERP, ERM, Time & Expense,

Portfolio Management, and Resource Management

#10 – No Information Organization / Information Architecture Lack of consistency in how data is input into the

information system Lack of agreed-upon meanings for metadata

keywords, lowering findability Data redundancy goes up, incurring incremental

costs Lack of findability of information in an e-discovery

proceeding can cost millions, jury might infer fraud Inefficient IA costs much more than a IOPS

#11 – Solving Every Problem With Code

Developers love to write code If there’s a problem, writing code will fix it

Use OOB Web parts as much as possible Refer to original business requirements

before customizing SharePoint Test before implementing Test before upgrades, Service Packs, etc. Remember when adding servers to the farm!

Thank you for attending!

Please fill out your evaluation and turn it in on the back table!