The New SharePoint Framework Meets Corporate IT

As a consultant there are times where I am slightly disconnected from the “Corporate World”, which is honestly part of the draw. As consultants technology is the great enabler for providing clients with software & services in order to help them realize their business goals. So as a consultant we tend to gravitate towards both trends & solutions that help us provide more value in a shorter amount of time. Demonstrating value is what helps us to build relationships which in turn often times leads to repeat business – rinse, lather, repeat. However, in the Corporate World life is filled with words like standards, policies, approved lists, governance, compliance, legal, etc.

I have recently resumed working for one of my favorite clients at a large Insurance company in our area, which entails the usual badge, laptop, parking pass in order to comply with the contractual agreement between my company and theirs. One of the interesting points to note is that in order for me to perform development work, I actually need to use their equipment to access their environment. This is a rather large SharePoint business application that I had previously built which is a combination of code (all client side) and configuration with SharePoint 2013 workflows. During my previous engagement I had actually been given local administrative rights on my machine which allowed me to load software like Visual Studio Code in order to perform my job.

Fast forward to this engagement, I’m without Administrative Rights on my machine and my two text editors of choice are Notepad or SharePoint Designer. I walk down to their Tech Express counter to see about having them install Visual Studio Code on my machine and they empathize but explain that their new policies prohibit the installation of any software that hasn’t already been packaged by their Engineering group. When I inquire about that process it basically entailed a multi-step review by Legal, Compliance, Software Engineering, etc. Typical turnaround time is a couple of weeks which likely isn’t helpful when the work needs to be done in the next week or so. I thank the Tech and proceed back to my desk where I submit a request for Administrative Rights on my machine thinking at least if I can get that, I’ll load the software myself and be done with the work hopefully before their security group catches on.

My request is routed to a governance approver who expresses concerns at both my status as a non-employee but also my request (setup developer laptop is my vague request). We speak more about it and I learn that not only is the technician correct about the software process but he also proceeds to inform me about the extra attention that is placed on Open Source software. He explains that the EULA agreements can be confusing and sometimes publishers make distinctions between personal & corporate use which can have implications on who owns the intellectual property. We talk about the way development is going with open source technology such as NodeJS, Bower, Gulp, and installing Node packages to help streamline development and I’m met with the realities of Corporate IT. The main priority for Corporate organizations is to protect the company – functions like Legal, Human Resources, and event Information Technology have the initial marching orders to protect the company. Just because development trends are moving towards open source technology – big corporations are afraid of this from a support & licensing perspective. From a security perspective they also do not like things such as local web servers and folks having persistent administrative rights to load the newest packages from Github onto their machines.

So where am I going with all this? So for today’s SharePoint Development there area really a few choices:

1) Configuration with mostly out of the box functionality and perhaps customization using SharePoint Designer. (workflows, maybe a little jQuery here and there)

2) Client side development where you’re hopefully installing some sort of text editor like VS Code, Brackets, etc to write a combination of HTML & JavaScript. If you are able, you might include things like NodeJS, Gulp, Bower, etc to automate portions of your development life cycle.

3) Visual Studio (heavy) development – either server side code, sandbox solutions, Add-in model, or maybe even client side development since it does support that as well. 🙂

What I see as an interesting problem which will impacts both SharePoint as well as Web Developers in these large organizations is the trend towards NodeJS, Gulp, Yeoman, and whatever other Node modules/apps become popular. Loading these into the global scope can require administrative rights which is often times not given out. Furthermore to make it more difficult, you’re not just asking to have Visual Studio Professional loaded on your machine. With just Visual Studio, Enterprises can provide temporary admin rights or use policies to allow you to just run Visual Studio as an Administrator. There’s also the very clear licensing agreement between Microsoft & “Large Corporation”.

But the there is the argument that we are talking about “web development” and not really SharePoint development which I agree to. But if you think about it – web development is kind of that grey area because from what I have seen, most large organizations treat their external websites much differently than their corporate Intranets. The Internet site represents the company, the brand, & services both customers & potential candidates alike. Many times agencies are brought in to help with these from the design perspective and/or development resources are brought on to “build it”. In those situations the developers likely fall into the same category as me – the consultant types which bring our own equipment with no barrier to entry. SharePoint is on the corporate intranet, inside the firewall, maybe sometimes in O365. Microsoft touts the #’s of organization’s in the Cloud but for me most of my main clients are on-premises.

I’m not saying that I am against the new “SharePoint Framework” what I’m saying is, I think there’s going to be a market to cater to (being large enterprises) where perhaps there’s a less automated way – or better yet a more contained set of tooling for those developers. To scoff and say that large enterprises need to work towards embracing the way things are going is difficult as well. Going back to my earlier point, most of those departments (HR, Legal, IT, etc) are there to protect the company.

I don’t have the perfect solution but I can tell you that I’m curious to see how this unfolds.

Advertisements

Hands on with AvePoint Policy Enforcer

I should preface this review with the statement that I do not work for AvePoint, nor am I being compensated in any way for this article. I like to state that since some of the reviews that I have read by other SharePoint experts are actually paid reviews which to be honest sometime cause me to question the truthfulness.

As a SharePoint Administrator for a Fortune 50 company I am constantly faced with trying to retrofit our hundreds of site collections with the most current set of security rules and governance policies. Up until this point I had spent quite a few hours writing ad-hoc scripts to tweak changes here and there, but as the number of site collections have grown, so have my concerns for making a mistake and causing harm to our production sites.

As part of their SP3 for the DocAve 6 platform, AvePoint introduced their new Policy Enforcer engine. I think a really easy way to explain the power of this new functionality is to walk you through a busines case.

Image

Many large enterprises scale out their implementation into farms based on the role in which they will serve – for example you could have a Project Farm and then an Intranet Website farm. Each farm has its own unique sets of Governance policies based upon the content that is being hosted. To be more clear, the Portal Farm is likely established to host published content – such as the user homepage and departmental sites. The rules behind sites going into that farm is that content approval must be enabled on all lists & libraries.

Now, take that one particular Governance ruling.. All lists & libraries must have content approval enabled. As a Farm Administrator with 1,000 site collections – how exactly do you intend on enforcing that particular policy? I’m sure the Developers reading this article will probably begin whiteboarding a timer job that will iterate through the web application site collections, read the lists, and iterate through. The IT Pro’s reading the article are probably thinking about a powershell script, likely doing the same thing, set to run via a scheduled task. Both are correct in their thinking – surely you can accomplish the task either way, but it becomes fun when it comes time to support/make changes to that code. For us as a large enterprise, code deployments can only happen during certain maintenance windows. And in regards to the PowerShell script, absolutely this is less intrusive, however that means you as the ITPro are now responsible for maintaining and running that particular script. And oh, by the way, now your manager wants reporting to find out which sites are out of compliance.

The first step to accomplishing this with Policy Enforcer would be to create a new profile at the defined scope.. For this example I’m blanking it out on the left hand side but I’m going to set this policy at the Web Application level. You could also drill down and scope it at the site collection, site, or even down to the list & library level.

create_profile

As part of that profile, you will want to setup a new data collection job which will go out and look at the scope specified. For this example, I’ll give the name “Content Approval”. For the same of brevity I’ll leave all the Auditor Mode & Scan Mode options enabled and not monkey with the default scan of every 30 minutes. Basically, the purposes of those at a high level are to narrow down the scope of what you’re scanning for. Example: if you just want to different rules for different farms at different levels, you could specify different data collection jobs.. Since it is also all based on the SharePoint object model so basically you can do ANYTHING and EVERYTHING. 🙂

source_collection_policy

Once you click save you will arrive back at the Profile, I’m going to create a new rule to make sure Content Approval is turned on. So I’ll click the Create Rule, and select the List Versioning Settings.

rule

The rule will get added to the profile – and then I’ll configure it by clicking the Configure Rule button in the middle of the profile manager window. I’ll then check off Content Approval.

config_rule

If you scroll down to the bottom of the configuration screen you’ll see that there’s a check box that says “Automatically revert to the settings above.” You also have the option of sending a notification to someone that the action is being taken.

final_configure_rule

Click the save button and you’re done. Now, the next time your scan policy (mine was called Content Approval) kicks off – it will go ahead and touch all lists & libraries and enable content approval!

The first time you run through this it might seem like a few steps, but to be honest after you setup all of your data collection jobs it is really simple to blast through a couple of different policies. You can setup this same type of policy for all sorts of things such as features. More information about what you can target is below.

I’m probably going to put out a few more posts on some of the cool things I come up with but for now but I think the above example shows just how easy it is to quickly propagate a simple change to hundreds or thousands of site within your environment.

More information can be found on AvePoint’s site along with this Feature Spotlight:
http://www.avepoint.com/assets/pdf/Policy_Enforcer_Feature_Spotlight.pdf

Governance is more than just a 10 letter word

As Microsoft continues to expand the capability of SharePoint so does the complexity for the architecture and integration of the system for enterprises of all scale. What I have noticed from my attendance at various SharePoint conferences both paid as well as the Saturday events, the level of expertise for the “SharePoint Guy/Gal” lags far behind what is needed for a successful implementation. I am not in any way knocking the person but rather the fact that on the curve of learning to mastering, it appears that many people are being thrust into the implementation before they have  accumulated the knowledge necessary to not only overcome technical obstacles for getting the software bits installed and running, but also the ability to draft/publish/communicate the do’s and don’ts for the businesses fancy new IT system.

Fortunate for all, there’s a vast ecosystems of “experts” readily available to help you through all aspects of your SharePoint engagement including the draft and publication of your organization’s Governance plan. When I speak about Governance, I want to specifically throw out any discussion about the operational aspects of managing the environment. I am not saying that developing your backup strategy and service level agreements are not important – which they really are not.. Your customers want the system available 24×7 and they want you to be able to restore to the point before they had a problem. But really you have a few three really important decisions to make about your environment:

1. What level of access will you be giving to users?

By far, this is perhaps the most important decision that you and your team will ever have to make. First off, if you start out giving users “full control” and then water it down to something else you are going to be fighting a Braveheart style battle. My recommendation for getting started with SharePoint would be to create the following groups/roles:

a. Business Power user – I would take full control and strip out create subsites, create groups, manage permissions, etc.
b. Contributor (without delete) – same role as contributor but take away the ability to delete
c. Read-only/Visitor – out of the box
d. IT Support – somewhere in-between the Business Power user and Site Collection Admin/Full Control

The trick for the business power user would be to make that group the owner for the Contributor & Visitor groups to that the business can manage the membership for those groups.

2. Will you establish quotas or let SharePoint become a dumping ground?

Some may feel this falls under the “operations” category of their Governance plan, what you really need to figure out is how rapidly do you think your users are going to fill SharePoint up with content? Then even more importantly, do you want any sort of “governator” in place that helps stop a site collection from growing to the Microsoft supported 100 GB limit which generally is a real pain in the ass to support in case you ever have to backup/restore it. I personally strongly recommend quotas for the simple reason that they are conversation starters. When you put a limit on how big a site collection can grow, you will force a conversation when a user hits that limit. By having that conversation you can better understand how the business is leveraging the platform and consider any improvements to either your service or their processes.

Another important “quota” to consider is what is the maximum file size that you will allow to be uploaded into SharePoint. Keep in mind this is another one of those gems that Microsoft publishes the maximum is 2GB but in all practicality, the limit I would recommend would be no greater than 250 MB. Typically from what I’ve seen any file that is over 100 MB is typically not meant for collaborating on. It is usually a PowerPoint Deck with high resolution images where the original creator is not aware of compression technologies.

3. What type of Development/Customizations/3rd Party Tools will you support?

Perhaps one of the most comical parts of deploying SharePoint is that moment where you realize that you will often requires 2-3 ISV’s to help fill the gaps and make it usable in your enterprise. It is typically a few months after the finance folks finish patting themselves on the back after battling with Microsoft Licensing to get all the terms & conditions of your Enterprise Agreement all wrapped up. In addition to the ISV’s you are going to find yourself in a situation where pockets of users will want to customize SharePoint. At first it is a logo here or some fonts there, but eventually a user is going to have a “requirement” that SharePoint “does this”. That will be the moment when you get introduced to even more SharePoint “Experts”, your neighborhood friendly SharePoint Developers. If your environment is 2010 then you’ll need to guide them towards either Farm (GAC) or Sandbox solutions – or if in 2013 you’ll likely want to explore the new App model.

The number one piece of advice that I can give you is to try and establish your Development standards as a “use out of the box first” and visual studio developed solutions second, especially as you continue to grow your knowledge as to what SharePoint does provide as part of your multi-million dollar EA agreement. The one caveat that I want to say is throwing a bunch of javascript into a content editor webpart is not really leveraging out of the box. 🙂

The number two piece of advice I can give you is to do a snapshot of performance before/after you receive custom code from your development teams. I cannot count the number of times where I have received code from offshore that caused response time to double or triple.

I am sure there are people that can point out other “important” topics, but from my experience those are the top 3 that should be addressed early on in your governance discussions.