Dan Holme’s ‘Architecting SharePoint for Scalability and Enforceable Governance’ at STP Montevideo

Dan Holme, Chief SharePoint Evangelist for STP South America sponsor AvePoint, presented his session on 'Architecting SharePoint for Scalability and Enforceable Governance' this afternoon at STP Montevideo.

Addressing governance management, Dan defined governance as "defining the people, processes, and technologies that deliver a service." Sharing a visual representation of the layers involved, Dan explained that "the communication that has to happen between the business and the service" is where governance fits, whereas the management layer is about the operations.

By way of an example, Dan posited an HR department working with 75K documents. Noting that company policies and industry requirements combine to guide governance, Dan asked how a company enforces the policy in SharePoint if different groups of users should be able to see only their own documents (and not those of other groups). Naturally, putting the documents in folders with permissions set appropriately is the simplest solution in SharePoint. Dan pointed out that an access control list allows HR to implement the policy; the folder is the scope of what it applies to, and the control can live at several layers (e.g., folder, document library, and site levels). Doing so ensures that policy will be enforced, and the bottom line is that "in order to manage compliance you have to have a control and scope."

Also on the topic of policy management, Dan pointed out that you may have a choice in that you can encourage or manage policy compliance, but management is only possible when you design your infrastructure with appropriate scopes to support the controls you require. Ultimately, you will need to build your architecture to support information management and service management requirements.

Addressing the topic of sites, Dan mentioned that they scope security and functionality (i.e., permissions and features). While showing a slide illustrating a common out-of-the-box architecture, Dan recommended separating site collections in order to scope ownership. Dan also pointed out that "Quotas can only be scoped at the site collection level," and again mentioned that separating a particular department's site collection may be necessary in order to manage quotas. In addition to ownership and quotas, site collections scope auditing and most of the commonly needed information management controls.

Dan mentioned that the recycle bin is an out-of-the-box feature of Web Applications, but that some industries require actual deletion when a user deletes a document. The solution in these cases is to disable the recycle bin entirely, which is a setting scoped at the Web Apps level. For this reason, an organization might require two Web apps for collaboration: one that disables the recycle bin for such highly regulated functions, and another that allows the recycle bin for more general collaboration. Blocked file types and SharePoint Designer controls are also among the items which are scoped at the Web Apps level.

Referring to service management controls for Web Apps, Dan pointed out the maximum upload size (which is typically limited, with 50 megabytes being the SharePoint default). Web Apps scope important controls for both information management and service management.
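To check the Web application-scoped controls described above against a written policy, a read-only report like the following can be run in the SharePoint Management Shell. It is an added example, not part of Dan's session or slide deck; the `http://regulated` and `http://collab` URLs, the baseline values and the `Get-WebAppControlDrift` function name are assumptions for illustration.

```powershell
# Added example: compare Web application-scoped controls to an expected baseline.
# Read-only; it reports differences and changes nothing in the farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Hypothetical baseline. URLs and expected values are assumptions, keyed without
# a trailing slash. MaximumFileSize is expressed in megabytes.
$baseline = @{
    'http://regulated' = @{ RecycleBinEnabled = $false; MaximumFileSize = 50; AllowDesigner = $false }
    'http://collab'    = @{ RecycleBinEnabled = $true;  MaximumFileSize = 50; AllowDesigner = $false }
}

function Get-WebAppControlDrift {
    param([Parameter(Mandatory)][hashtable]$Baseline)

    foreach ($wa in Get-SPWebApplication) {
        $url = $wa.Url.TrimEnd('/')

        # A Web application with no baseline entry is itself a finding:
        # nobody has decided which controls it is supposed to carry.
        if (-not $Baseline.ContainsKey($url)) {
            [pscustomobject]@{ WebApp = $url; Setting = '(no baseline)'; Expected = $null; Actual = $null }
            continue
        }

        foreach ($setting in $Baseline[$url].Keys) {
            $expected = $Baseline[$url][$setting]
            $actual   = $wa.$setting      # property of SPWebApplication
            if ($actual -ne $expected) {
                [pscustomobject]@{ WebApp = $url; Setting = $setting; Expected = $expected; Actual = $actual }
            }
        }

        # Blocked file types are also scoped here; list them for manual review
        # rather than guessing at a required set.
        [pscustomobject]@{
            WebApp   = $url
            Setting  = 'BlockedFileExtensions (informational)'
            Expected = $null
            Actual   = ($wa.BlockedFileExtensions -join ',')
        }
    }
}

Get-WebAppControlDrift -Baseline $baseline | Format-Table -AutoSize
```

An empty drift list for a regulated Web application is the evidence that the "no recycle bin" policy is enforced by a control rather than merely encouraged.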

Dan's guidance for Web Apps included a list of which ones should exist separately in their own DNS namespace, the complete list of which is available in the downloadable slide deck. Dan focused on functional business applications, such as expense report submission and time off requests. He recommended putting such functional business applications in a Web application dedicated to apps, e.g., http://apps. One advantage of keeping them separate is that, since such applications tend to be highly customized, if there's a crash you can recycle the app pool without affecting anything else (intranet, team sites, My Sites, etc.). Another is that when upgrading to the next SharePoint version, you can leave the http://apps Web application on the existing/old farm because it is in its own DNS namespace, and then come back to it after upgrading everything else.

At the farm level, Dan mentioned that certain types of Web apps are increasingly being set up as their own farm, including apps for the public-facing website, extranet, Project Server, LOB apps, and even team sites. Speaking of governance controls scoped at the farm level, Dan touched on code isolation (between test and production farms), access control, and geo-performance.

In conclusion, Dan addressed the presentation to the user, which is to say information architecture built on top of the service. Dan noted that navigation links will support this paradigm provided that you're bearing administration in mind. Dan cautioned, however, that "If you build for navigation, users will get what they need, but you won't be able to support what the business needs, [whereas] if you build for service management requirements, the users won't be able to navigate." Ultimately, "It's not easy … you have to architect a pretty distributed architecture to support the requirements of a typical enterprise," but the alternative to putting in the effort is, at best, unacceptable levels of frustration on the part of either the business or the users, if not both.

Sharing the Point South America is made possible through the generous support of Fpweb.net and AvePoint.

Read John Anderson's complete coverage of the Sharing the Point South America events: