Kirk Evans is a Microsoft Architect for the Azure Center of Excellence.
Introduction to SharePoint and Azure IaaS
Building SharePoint Apps with Windows Azure Platform as a Service
SharePoint Solutions and Architectures on Windows Azure Infrastructure Services
Understanding Authentication and Permissions with Apps for SharePoint and Office
This is a wrap-up of days 3 and 4 of the SharePoint Administrators Survival Camp training class by CriticalPath Training that I am attending this week, presented by Shane Young of SharePoint911. You can see recaps of Day 1 and Day 2.
I’ll admit, I missed most of day 3. I had an important call with a customer that I couldn’t miss, one of those calls that comes along quite infrequently in your career. Yet I hesitated, should I cut the call short so that I can get back to training class? It’s quite rare that I have the attention span to sit through training, let alone 5 days of it. However, I am finding this material so intriguing that I really don’t want to miss any of the material.
The second half of Day 3 covered many topics that I am already pretty familiar with. We installed solution packages, activated and deactivated features, and talked about feature scope. Shane had some great insight and recommendations, particularly around deployment of customizations. Of course, do not simply elevate your trust level to Full, especially when the developer insists. Instead, use WSS_Medium or, preferably, WSS_Minimal trust and force the developer to leverage private bin deployment with a CAS policy. Shane goes so far as to saw that ops should not deploy solutions that deploy to the GAC without having an in-depth discussion with the developer. His point is that code deployed to the GAC has full trust. The challenge there is that some development tasks in SharePoint cannot be performed with a private bin deployment (such as development of list and feature receivers), instead requiring GAC deployment. While this can’t be a blanket policy, it’s a good rule of thumb to start with. As developers, we should be prepared to answer why we need to deploy to the GAC, and should deploy to the private bin when possible. VSeWSS 1.3 enables private bin deployment of web parts (the most common deployment scenario), as do other tools, and an understanding of CAS, GAC, and assembly resolution should be required for any .NET developer.
Day 4 was awesome. As a developer, I have focused on things like packaging into solution packages, features, content types, workflows, web parts, and using the SharePoint object model and web services APIs. That’s a lot of ground. I’ve also had to ignore certain areas such as Excel Services, Forms Services, BDC, and Search while I ramp up on development tasks. I kind of took search for granted, it returns results. I had no idea what search can really do, such as crawling file shares and security trimming results. For the first time, I not only saw security trimming in search work, but configured it to work myself! I created a content source to a restricted subsite, logged in as a user that does not possess credentials to see that information, and searched… the secure material was not shown, but was shown when I logged in as someone with credentials to see the material. I always thought that SharePoint provided security trimming for search, but it’s really cool when you not only see it work but walk through the steps to make it work and prove to yourself how it works. We also saw what happens when the search service doesn’t have access to a resource (such as an external share) and how to configure that. We even deployed a PDF IFilter and updated docicon.xml to show the PDF icon next to search results.
I know, many of you SharePoint experts are probably thinking, “I’ve known how to do that for a long time.” Probably, but it’s not something that developers would delve into unless they are customizing search or developing components for search. I haven’t done that, it was nice to see how to configure these things.
We spent a lot of time on search, looking at how to provide a list of noise words (a, of, the, and, etc). Shane pointed out that most customers don’t use noise words (I think he actually said he’s talked to thousands of customers and nobody uses this). Just then, 3 different people in our class said they use it. One works for the Supreme Court, providing noise words for legal terms that show up often such as “writ”. Pretty cool.
Slightly more often used is the concept of a thesaurus, enabling you to expand search terms. For instance, internally at Microsoft, the really great discussions and presentations about new technologies are typically produced when the product is still in beta and people are just starting to learn how to apply it. If I am giving a presentation to a group of Java developers to introduce them to ASP.NET for the first time, the more recent hits for ASP.NET near Java will produce marketing stuff and v.Next information. However, if I search “Whidbey”, which was the code name for Visual Studio 2005 and .NET 2.0, then a ton of information surfaces. As an admin, I can provide a thesaurus to expand search terms so that when someone searches for PowerPoint decks on ASP.NET, it includes the search term “Whidbey” as well. When I search for WCF, it should include “Windows Communication Foundation” as well as “Indigo”, similarly “WPF” should include “Windows Presentation Foundation” and “Avalon”. For my use, this would be a HUGE feature to implement as it would help make the mass of PowerPoint docs that our field produces much more easily discoverable.
We spent a lot of time creating internet sites as well. We created a new site, extended it, provided alternate access mappings, applied SSL certs, even applied Forms Based Authentication for the site. We leveraged a CodePlex project to manage FBA users that was quite slick. I’ve gone through this pain several times, creating an FBA site from scratch. Remembering that this is an Administrators class, the class labs didn’t create the ASPNET_DB database from scratch, but rather had the admin import the database. However, we did have to edit the web.config for the application and Central Administration by hand, something that just plain sucks no matter how you slice it. Once you get everything done, it works like a champ, but getting it to a working stage requires many confusing moving parts.
We also focused a lot on Alternate Access Mappings and providing internal URLs. I have worked with one customer who complained that there are only 5 zones for AAMs, they needed many more than that. Once I learned about internal URLs, I realize that’s what the customer was asking for… a way to map internal URLs onto an AAM zone. Shane also pointed out that the 5 zones for Alternate Access Mappings are deceptively named (Default, Intranet, Internet, Extranet, Custom). They should instead be named Default, Zone 1, Zone 2, Zone 3, and Zone 4, because the names do not imply any functionality (other than default of course). The point is that you could have multiple Intranet AAMs configured, but leveraging the Internet and Extranet zones. Nothing wrong with that, it’s just a name.
I really loved day 4 as it focused on several topics that I struggle with (search and creating internet facing sites). Looking forward to the final day, some great information packed into this last day.