Windows SharePoint Services Manageability Controls (Governance Series Part 1 of 5)
In an effort to share the wealth of information that I've been working on over the past few months, I figured it made sense to share some of these key whitepapers on governance in the means of a blog post. You can evaluate for yourself if you find this information useful. Governance may be a tough grasp for you as to why it's so important if you are an IT Professional. Let me tell you that deployments gone sour are 99% a result of lack of appropriate planning. If you fail to plan, you plan to fail. This content is truly about deployment and providing you the knowledge so you can plan appropriately.
This article, authored by Dan Holme with some help from myself, gives you some background and lays the groundwork for what the knobs and controls are in a deployment. I've recently been saying, Exchange is about hosting Mailboxes and SharePoint is about hosting Site Collections, but that statement might be 90% true. For you the answer actually might be it's about hosting Web Applications or Sites. For example... the question do I use a web application or a site collection or a site collection vs. a site is explored here. This paper lays the framework for the other papers that use the terminology in this paper. If you prefer to read ahead the links to the other papers are included. I do recommend reading the actual whitepapers for the best readability and to view the applicable images.
Enjoy.
Joel Oleson
SharePoint Product Team
Windows SharePoint Services Manageability Controls
Date published: June 2007
Summary: Microsoft® Windows® SharePoint® Services 3.0 enables individuals, teams, departments, and organizations to rapidly deploy solutions that support the knowledge sharing and collaboration required by information workers in the 21st century. The value that Windows SharePoint Services delivers often leads to its rapid adoption by organizations with Web sites that host diverse content and collaborative activities. IT organizations can support these activities effectively by implementing and governing Windows SharePoint Services sites in a way that takes advantage of the manageability features of each component of Windows SharePoint Services logical architecture. This white paper will examine the Windows SharePoint Services architecture to identify which Windows SharePoint Services components provide manageability controls—settings that you can use to enable aspects of governance and manageability.
This white paper is the first in a series that will guide an organization through designing and implementing a governed, manageable Windows SharePoint Services 3.0 environment. Reading each of these papers in the order listed below is recommended:
1. Windows SharePoint Services Manageability Controls (http://go.microsoft.com/fwlink/?LinkId=92895&clcid=0x409)
2. Supporting Information Architecture with Windows SharePoint Services Manageability Controls (http://go.microsoft.com/fwlink/?LinkId=92896&clcid=0x409)
3. Implementing Windows SharePoint Services Governance (http://go.microsoft.com/fwlink/?LinkId=92897&clcid=0x409)
The three white papers, as well as other excellent resources related to the governance of SharePoint Products and Technologies, can be found at the Governance Information for SharePoint Server 2007 landing page (http://go.microsoft.com/fwlink/?LinkID=90916&clcid=0x409) on Microsoft TechNet.
To get the most from these white papers, you can familiarize yourself with Windows SharePoint Services 3.0 by using product documentation contained in the Windows SharePoint Services 3.0 Technical Library (http://go.microsoft.com/fwlink/?LinkID=73952&clcid=0x405).
Windows SharePoint Services Components
To design a manageable Microsoft® Windows® SharePoint® Services infrastructure, an organization’s design team must identify the components of Windows SharePoint Services logical architecture that enable aspects of control and manageability.
Windows SharePoint Services logical architecture comprises the following components:
· Server farm or single server deployment: The top-level design construct of a Windows SharePoint Services infrastructure is a stand-alone or server farm deployment of Windows SharePoint Services. A stand-alone installation includes Windows SharePoint Services and Microsoft SQL Server® on the same server. A server farm allows the separation of application and database server roles. An enterprise can support one or more Windows SharePoint Services farms. You administer each server farm as a unit from the shared administrative tools in the server farm’s SharePoint Central Administration site.
· Web application: A Web application is a logical component that is associated in a one-to-one relationship with a unique Microsoft Internet Information Services (IIS) Web site. You use the server farm’s SharePoint Central Administration site to manage Web applications.
· Site collection: A site collection is a component that encompasses one or more Windows SharePoint Services sites. You manage some features of site collections by using SharePoint Central Administration, and you manage others from the Site Settings page of the site collection’s top-level site.
· Site: Within a site collection, you can create one or more Windows SharePoint Services sites.
· Top-level site: The top-level site within a site collection is the site with the URL of the site collection itself. Top-level sites define certain configurations, such as features and templates, that affect all sites within the site collection.
· Lists and libraries: Lists and libraries are basically the equivalent of data tables in a database application. Whereas lists can support document attachments, libraries are a type of list in which the document is the focal point, and columns in the list provide metadata about the document.
· Items and documents: The records in a Windows SharePoint Services list are called items. A library is a list that contains documents.
These components of Windows SharePoint Services are illustrated in the graphic in the whitepaper.
For more information about the components of Windows SharePoint Services and how to design a Windows SharePoint Services infrastructure, see the Windows SharePoint Services 3.0 Technical Library (http://go.microsoft.com/fwlink/?LinkID=73952&clcid=0x405).
Windows SharePoint Services Manageability Controls
Windows SharePoint Services 3.0 offers several features that let you configure aspects of manageability. You can implement each of these features, which we will refer to as “manageability controls,” by configuring properties of specific Windows SharePoint Services components. For purposes of this discussion, manageability controls will be grouped into the following categories: security, branding, navigation, content management, content administration, search, and service management.
Security
Security can be divided into two primary components: authentication and authorization.
Authentication Provider
Windows SharePoint Services authentication is configured by the Web application’s authentication provider. Windows SharePoint Services 3.0 supports Windows authentication, which enables users to authenticate with accounts stored in the server’s local security accounts manager (SAM) database or in Active Directory (AD). Additionally, you can configure a Web application to use forms-based authentication, which supports any ASP.NET 2.0 authentication provider or Active Directory Federation Services (ADFS).
In order to support more than one authentication provider, you will need to create or extend more than one Web application. For example, you might want to give Windows SharePoint Services 3.0 access to users within your organization who maintain accounts in Active Directory, as well as to partners who access Windows SharePoint Services 3.0 through an extranet site by using accounts stored in an ASP.NET 2.0 authentication provider. To give this access, you need to create a Web application (for example, http://intranet.contoso.com) that uses Windows authentication. You would then extend that application to another Web application (for example, http://extranet.contoso.com) that would utilize forms-based authentication. Both sites would be attached to the same content database. Therefore, regardless of which URL they accessed, users would see the same content.
Authentication Timeout for Forms Based Authentication
If the Web application uses forms-based authentication, the user will remain authenticated until the user closes his or her browser or until the authentication timeout occurs. You can configure this expiration time, set by default to 30 minutes, for a Web application in the application’s Web.config file. Add or modify the timeout attribute of the forms element, for example:
<forms loginUrl="login.aspx" name=".ASPXFORMSAUTH" timeout="100" />
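The following Python sketch is an added example, not part of the white paper. It audits a Web.config for the forms timeout described above, treating a missing attribute as the 30-minute default. The 60-minute ceiling (max_minutes) and the three sample fragments are constructed assumptions.

```python
import xml.etree.ElementTree as ET

DEFAULT_TIMEOUT_MINUTES = 30  # default stated in the text above

# Constructed Web.config fragments, for illustration only.
EXTRANET_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" name=".ASPXFORMSAUTH" timeout="100" />
    </authentication>
  </system.web>
</configuration>"""

DEFAULTED_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" name=".ASPXFORMSAUTH" />
    </authentication>
  </system.web>
</configuration>"""

INTRANET_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Windows" />
  </system.web>
</configuration>"""


def audit_forms_timeout(web_config_xml, max_minutes=60):
    """Return (status, minutes) for the forms authentication timeout.

    max_minutes is a hypothetical organizational ceiling, not a product
    setting. Status is one of: not-forms, default, ok, exceeds-policy,
    invalid.
    """
    root = ET.fromstring(web_config_xml)
    for auth in root.iter("authentication"):
        if (auth.get("mode") or "").lower() != "forms":
            continue
        forms = auth.find("forms")
        raw = forms.get("timeout") if forms is not None else None
        if raw is None:
            # No explicit attribute: the 30-minute default applies.
            return ("default", DEFAULT_TIMEOUT_MINUTES)
        try:
            minutes = int(raw)
        except ValueError:
            return ("invalid", None)
        if minutes <= 0:
            return ("invalid", None)
        if minutes > max_minutes:
            return ("exceeds-policy", minutes)
        return ("ok", minutes)
    # Windows authentication or no authentication element at all.
    return ("not-forms", None)


if __name__ == "__main__":
    samples = [
        ("extranet", EXTRANET_CONFIG),
        ("defaulted", DEFAULTED_CONFIG),
        ("intranet", INTRANET_CONFIG),
    ]
    for name, xml_text in samples:
        print(name, audit_forms_timeout(xml_text))
```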
Authentication for a Site
To allow a user to authenticate to a specific site, you must add the user’s account, or a group to which the user belongs, to the site collection by using the People and Groups link in the site’s settings. Valid users and groups are defined at the site collection level and, once added, a user or group can be given permissions to any object (site, list, library, item, or document) within the site collection.
Anonymous Access
Users without user or group accounts in the site collection are considered anonymous users. You must set anonymous access, which is off by default, at the Web application level before such users can access any site or list. Once you have enabled anonymous access for the Web application, you can configure it for a site to support access to the entire site or to specific lists and libraries. Each list and library can then deny or allow anonymous access.
Access to Securable Objects
After authentication as either a valid user account or as an anonymous user, access to any securable object (a site, list, library, item, or document) is controlled by the permissions for that object. Permissions should be assigned to groups defined in either the SharePoint site collection or the authentication provider (such as Active Directory groups), but can also be assigned to a user defined in the authentication provider. By default, permissions are inherited from the parent object. The permissions assigned to the top-level site in a site collection are inherited by each site within the collection, each library and list within that site, and each document and item within the library or list. You can edit permissions on any securable object, but by doing so, you break the inheritance of that object’s permissions from its parent, and any changes to the parent’s permissions will no longer affect the child object.
Permission Levels
The permission levels you can configure on a securable object for a user or group are, by default, Full Control, Design, Contribute, Read, and Limited Access. You can modify these permission levels at the site collection level to enable the configuration of additional security-related roles.
Permissions
Each permission level is itself composed of granular permissions. For example, the Read permission level comprises eleven permissions such as View Pages, View Items, and Create Alerts. By default, all Windows SharePoint Services permissions are available for use in defining permission levels in a site collection. However, you can restrict which permissions are available to site collections within a Web application by configuring User permissions for Web application in SharePoint Central Administration.
Web Application Policies
Finally, Windows SharePoint Services 3.0 enables you to override object-level permissions through security policies configured for the Web application. By default, the administrators of the server hosting Windows SharePoint Services do not have access to any Windows SharePoint Services content. If business needs mandate such access, you can configure a security policy for each Web application that enables appropriate access for the administrators group. Similarly, corporate policy may require that a team of auditors or security personnel have access to content within a Web application. A Full Control or Full Read policy will provide the assigned users access to content throughout the Web application, overriding any more restrictive permissions on objects within the application. Alternatively, a particular group of users might need to be restricted from accessing content, even if permissions have been granted that would otherwise allow access. A Deny Write or Deny All policy will override any more liberal permissions on objects within the Web application.
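The following Python model is an added example, not code from the white paper or from Windows SharePoint Services. It shows how the rules in "Access to Securable Objects" and "Web Application Policies" combine: inherited permissions, broken inheritance, and policies that override both. The group names, the reduction of permission levels to read/write, and the choice to evaluate deny policies before grant policies are assumptions of this sketch.

```python
# Simplified mapping of the default permission levels to two actions.
# Assumption: real levels are composed of many granular permissions.
LEVEL_ACTIONS = {
    "Full Control": {"read", "write"},
    "Design": {"read", "write"},
    "Contribute": {"read", "write"},
    "Read": {"read"},
    "Limited Access": set(),
}

# Web application policies named in the text above.
POLICY_GRANTS = {"Full Control": {"read", "write"}, "Full Read": {"read"}}
POLICY_DENIES = {"Deny All": {"read", "write"}, "Deny Write": {"write"}}


class SecurableObject:
    """A site, list, library, item, or document."""

    def __init__(self, name, parent=None, permissions=None):
        self.name = name
        self.parent = parent
        if parent is None and permissions is None:
            permissions = {}  # the top-level site has nothing to inherit
        # None means "inherit from parent"; a dict means inheritance is broken.
        self.permissions = permissions

    def effective_permissions(self):
        """Walk up to the nearest object that holds its own permissions."""
        node = self
        while node.permissions is None:
            node = node.parent
        return node.permissions


def is_allowed(principals, action, obj, policies):
    """principals: the user's account plus groups; policies: {principal: policy}."""
    applied = [policies[p] for p in principals if p in policies]
    # Assumption of this model: a deny policy wins over a grant policy.
    if any(action in POLICY_DENIES.get(name, ()) for name in applied):
        return False
    if any(action in POLICY_GRANTS.get(name, ()) for name in applied):
        return True
    perms = obj.effective_permissions()
    return any(action in LEVEL_ACTIONS[perms[p]] for p in principals if p in perms)


def demo():
    """Constructed scenario: one site, one inheriting and one unique library."""
    site = SecurableObject("Sales site", permissions={"Sales Members": "Contribute"})
    proposals = SecurableObject("Proposals", parent=site)  # inherits
    contracts = SecurableObject(
        "Contracts", parent=site, permissions={"Sales Managers": "Contribute"}
    )  # inheritance broken
    policies = {"Auditors": "Full Read", "Contractors": "Deny Write"}

    # A later change on the parent reaches Proposals but not Contracts.
    site.permissions["Sales Interns"] = "Read"

    member = {"alice", "Sales Members"}
    intern = {"ivan", "Sales Interns"}
    auditor = {"dana", "Auditors"}
    contractor = {"carl", "Sales Members", "Contractors"}
    return {
        "member writes Proposals": is_allowed(member, "write", proposals, policies),
        "member reads Contracts": is_allowed(member, "read", contracts, policies),
        "intern reads Proposals": is_allowed(intern, "read", proposals, policies),
        "intern reads Contracts": is_allowed(intern, "read", contracts, policies),
        "auditor reads Contracts": is_allowed(auditor, "read", contracts, policies),
        "auditor writes Contracts": is_allowed(auditor, "write", contracts, policies),
        "contractor reads Proposals": is_allowed(contractor, "read", proposals, policies),
        "contractor writes Proposals": is_allowed(contractor, "write", proposals, policies),
    }


if __name__ == "__main__":
    for question, answer in demo().items():
        print(f"{question}: {answer}")
```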
Security Control Summary
· Authentication provider: Configured for the Web application in SharePoint Central Administration.
· Authentication timeout for forms-based authentication: By default, 30 minutes. Configured for the Web application in Web.config. Add or modify a timeout attribute to the forms element.
· Authentication for a site: Configured by adding the user or a group to which the user belongs to the site collection in People and Groups.
· Anonymous authentication: Enabled for the Web application in its authentication provider configuration. Then enabled for the site (none, entire site, or lists and libraries) and then further restricted or enabled per list or library.
· Access to securable objects: Configured for the securable object (site, list, library, item, or document). By default, inherited from parent object. Permission levels assigned to a user in the authentication provider or to a group in either the authentication provider or the site collection’s groups.
· Permission levels: Defined in the site’s Permissions settings. By default, inherited from the parent site.
· Permissions: Enabled for the Web application in SharePoint Central Administration.
· Security policies: Configured for the Web application in SharePoint Central Administration.
| Control | Configured for Windows SharePoint Services Component | Location for Configuration | Notes |
| --- | --- | --- | --- |
| Authentication provider | Web application | SharePoint Central Administration: Application Management: Authentication providers: Edit Authentication | Windows, forms-based, or Web single sign-on (SSO) is available. |
| Authentication timeout for forms-based authentication | Web application | Web application’s Web.config file: The timeout attribute of the forms element | Configure the lifetime of the authentication cookie. Authentication will time out at this interval or when the user closes the browser. |
| Authentication for a site | Site collection | People and Groups: All People or People and Groups: All Groups | Add a user or a group to which the user belongs to the site collection. |
| Anonymous access | Web application | SharePoint Central Administration: Application Management: Authentication Providers: Edit Authentication | Anonymous access to any object within the Web application is not possible unless enabled by the Web application. |
| | Site | Site Settings: Permissions | At the site level, anonymous access can be blocked, enabled for the entire site, or enabled for specific lists and libraries. |
| | List or library | List Settings: Permissions for this list | A list or library can enable anonymous users to add, edit, view, and/or delete items. |
| Access to securable objects | Object (site, list, library, item, or document) | Permissions | By default, permissions are inherited from the parent object. Permission levels are assigned to a user in the authentication provider or to a group in either the authentication provider or the site collection’s groups. |
| Permission levels | Site | Site Settings: Permissions | By default, permission levels such as Full Control, Contribute, Read, and Limited Access are inherited from the parent site. |
| Permissions | Web application | SharePoint Central Administration: Application Management: User permissions for Web application | Permissions supported by Windows SharePoint Services 3.0 can be enabled or disabled for a Web application. Enabled permissions are used to create permission levels for a site. |
| Security policies | Web application | SharePoint Central Administration: Application Management: Policy for Web application | Security policies allow you to enable or deny access to users or groups. Policies override the permissions on securable objects. |
Branding
Branding refers to the look-and-feel of your SharePoint sites. Your sites should reflect the standards of your organization for logo usage, color, layout, and boilerplate content (such as a copyright notice).
Master Page
The primary branding control is the master page. ASP.NET 2.0 master pages create a common appearance to pages in a site by defining components such as headers, footers, and navigational elements. A master page contains one or more content controls that expose the unique content of a page. Each content page is linked to its master page. When that page is requested, the server renders the master page, and then renders the content page in the appropriate content controls of the master page.
A Windows SharePoint Services site can contain one or more master pages in its master pages gallery, accessible through the Site Settings page. A site also inherits master pages that have been made available in parent sites. Therefore, you can use a single master page in the top-level site of a site collection to drive branding on all sites within the site collection, or you can deploy multiple master pages to support variations in look-and-feel.
Note that if multiple master pages are available within a site, you must use Microsoft Office SharePoint Designer 2007, or a developer tool such as Microsoft Visual Studio® 2005, to assign the master page for each content page. Microsoft Office SharePoint Server 2007 provides a user-accessible method for selecting a master page in the Web-based interface of the site.
Branding Control Summary
· Master pages: Master pages are maintained by a site in its master pages gallery. A site also inherits master pages maintained by parent sites.
| Control | Configured for Windows SharePoint Services Component | Location for Configuration | Notes |
| --- | --- | --- | --- |
| Master Pages | Site | Site Settings: Master pages gallery | A site maintains its own master pages gallery and inherits master pages of parent sites. |
Navigation
A manageable implementation of Windows SharePoint Services 3.0 will provide appropriately consistent navigation within and between sites, site collections, and Web applications. You can code navigational elements into the master page or pages, or you can use the top link bar and Quick Launch, which are supported out-of-the-box with Windows SharePoint Services 3.0.
Top Link Bar
The top link bar is, by default, a series of tabs near the top of the site’s pages that provide navigation to the top-level site and each first-level site. By default, each site inherits the top link bar of its parent site. However, you can configure the top link bar in each site’s settings. To remove the top link bar entirely, you can simply delete each link in the bar.
Office SharePoint Server 2007 enables a richer out-of-box navigation capability, with a top link bar that provides drop-down menus for navigation to sites or external links.
Quick Launch
Quick Launch appears, by default, on each user-facing page of a Windows SharePoint Services 3.0 site. It does not appear on the Site Settings or List Settings pages. Quick Launch is designed to provide a consistent navigational experience for all pages within a site. You enable it in the Site Settings page by clicking Tree View. You configure its contents by clicking Quick Launch.
Tree View
A tree view is also available to display a site’s contents in a tree-like structure. You enable it in a site’s settings by clicking Tree View, which will display the site’s lists, libraries, and sites.
Navigation Control Summary
· Top link bar: Inherited by default from the parent site. Configured in the site’s settings.
· Quick Launch: Enabled by using Tree View settings in site settings. Configured by using Quick Launch in site settings.
· Tree View: Enabled by using Tree View in site settings.
| Control | Configured for Windows SharePoint Services Component | Location for Configuration | Notes |
| --- | --- | --- | --- |
| Top link bar | Site | Site Settings: Top link bar | Inherited by default from the parent site. |
| Quick Launch | Site | Site Settings: Tree view and Site Settings: Quick Launch | Enabled by using the Tree View settings; configured by using the Quick Launch settings. |
| Tree View | Site | Site Settings: Tree view | Can be enabled or disabled, but contents cannot be configured. |
Content Management
An enterprise typically requires control over the information that is maintained in a system such as Windows SharePoint Services 3.0. Managing consistency across disparate content stores, such as lists and libraries, enables more effective searching, analysis, and knowledge management. To better understand the manageability controls related to content management, we will explore a scenario within the sales department of Contoso.com.
The most granular component of Windows SharePoint Services content is the item in a list, or the document in a library. For purposes of this discussion, items and documents can be described together. Each is, in effect, a record in a data table composed of fields called columns. Columns are also referred to as properties, attributes, or metadata, and are defined for the list or library. In a list of customers, for example, Contoso might define a column for “Customer Status”. The status could be a choice column, which appears as a drop-down list when editing or creating items, and choices could include “Sales Lead,” “Opportunity,” and “Active Customer”.
List Template
You have several options for managing content in this scenario. First, you could save the list that maintains customers as a list template. List templates are stored in the list template gallery of the site collection, which you can manage from the top-level site’s settings. Once you create it, you can use the list template as the basis for a new list anywhere in the site collection, creating consistency and ease-of-use. You also can download the list template and then load it into the list template gallery of another site collection.
Site Column
Second, you can define the “Customer Status” column as a site column. Site columns are a definition of a custom field and contain the same options as a list column. However, you can reuse site columns across lists and sites within the site. If Contoso defined a site column for the “Customer Status” choice, you could add that column to any list or site within the site. If, at a later date, you needed to add a choice to the column in each list, you would need to add it only to the definition of the site column. The site column thus provides a single point of management for defining a column throughout a site. It is recommended that you manage site columns from the top level site in a site collection, making those columns available to all sites in the collection.
Content Type
Content types are the most powerful option for managing content in Windows SharePoint Services 3.0. A content type is a definition of an entire item, document, or folder. It describes attributes including columns, workflows, forms used for editing and viewing, and, in the case of documents, the document template and version settings. Content types are hierarchical, deriving their columns from a parent document type. So, for example, Contoso might create a content type for “Customer,” derived from the Windows SharePoint Services 3.0 default “Contact” content type. The “Customer” content type would thus inherit all contact fields, such as names, address, phone number, and e-mail address. Contoso could then add columns such as the customer’s time zone, office hours, photo, and the “Customer Status” column. You could then use the “Customer” content type in any list that contains customer information, and you would not have to redefine any of the columns, workflows, template, or other properties of the content type.
Content types are defined for a site and are available to all sites within that site. It is recommended that you manage content types from the top level site of a site collection, so that the content types are available to all sites in the collection.
Content Management Summary
· List template: Managed using the top-level site’s list template gallery. Available to all sites in the site collection.
· Site column: Managed using the site’s settings. Available to the site and all sites within it. Recommended to manage using top level site’s settings to provide site column to all sites in the collection.
· Content type: Managed using the site’s settings. Available to the site and all sites within it. Recommended to manage using top level site’s settings to provide content type to all sites in the collection.
| Control | Configured for Windows SharePoint Services Component | Location for Configuration | Notes |
| --- | --- | --- | --- |
| List template | Site collection | Top-level site’s Site Settings: List template gallery | Available to all sites within the collection. |
| Site column | Site | Site Settings: Site columns | Available to the site and all sites within it. Recommended to manage by using top-level site’s settings to provide site column to all sites in the collection. |
| Content type | Site | Site Settings: Site content types | Available to the site and all sites within it. Recommended to manage by using top level site’s settings to provide content type to all sites in the collection. |
Content Administration
The category of “content administration” relates to issues of managing the type, quantity, and lifecycle of content in a Windows SharePoint Services implementation, as well as to operational issues such as backup and restore.
Self-service Site Creation
The starting point for content administration is determining who is allowed to create a site. Self-service site creation is a powerful capability that enables teams or users to create informal locations for collaboration and document sharing. Some scenarios, such as an application that hosts departmental intranet sites, likely will not support self-service site creation. Self-service site creation is enabled for a Web application, so you might need to have more than one Web application to support scenarios for which self-service site creation is and is not appropriate.
Quotas
The quantity of data that can be stored in a site collection can be configured using SharePoint Central Administration. First, you create quota templates, which define the maximum amount of allowed data for a site collection, and the threshold at which alerts are sent. Then, you apply a quota template to a site collection. All sites within the site collection are then subject to the limits configured by the quota template. The quota defines the maximum, cumulative quantity of data across all sites in the collection.
Set quotas at a level that balances the need to manage storage with increasing numbers of support calls from site owners who are being told their site is out of space. Do the math in your organization by understanding the current and anticipated storage needs for sites and determining how many calls you want to get. Don’t set your quota at the expected average site collection size, or you will get support calls for quota increases for half of your sites. Instead, set quota size toward the top end of the acceptable level of storage and consider how much the storage costs versus the support call or the cost of time involved in increasing the quota. Although storage has become very cheap, quotas will encourage users to be responsible with their data.
If, for example, you anticipate having 1,000 site collections supporting team collaboration, and you anticipate that site collections will require between 100 MB and 600 MB of storage, evenly distributed across that 500 MB range, then by setting a quota of 550 MB, you can anticipate that 10 percent of the site collections will end up over quota. That means you can expect, over time, approximately 100 support calls requesting “exception” from the policy.
Blocked File Types
In addition to limiting the quantity of data through quotas, you can configure the types of files that are allowed. The Web application’s Blocked File Types settings, which you access from the Operations tab of SharePoint Central Administration, will allow you to block uploaded file types by extension. If you want to unblock a file type, you must remove it from Global Blocked File Types for the server prior to removing it from the Web application’s blocked file types list.
You can also specify the maximum upload size in the Web application’s general settings. Generally, best-practice guidance is to specify an upload size that will discourage users from abusing the site as a storage location for files that are large and inappropriate for the site’s purpose. The default maximum upload size is 50 MB, but you can reasonably increase this to 100 MB or possibly to the Microsoft SQL Server maximum limit of 2 GB.
Site Deletion
A final way to control the quantity of data in your Windows SharePoint Services 3.0 implementation is to configure site deletion. In SharePoint Central Administration’s Application Management page, click Site Use Confirmation and Deletion to configure site expiration. The behavior of site use confirmation and deletion in Windows SharePoint Services 3.0 is to send e-mails to a site collection’s owners after the site collection has been in existence for a specified number of days. If the site collection owner confirms that the site is in use, the clock is reset and notifications will be sent after the specified number of days passes once again. The notifications can be sent daily, weekly, or monthly. You can then configure Windows SharePoint Services 3.0 to automatically delete the site collection and all content, including sites within it, if a specified number of notices are sent without use confirmation from a site owner.
For example, you could configure Windows SharePoint Services 3.0 to check with site collection owners after 90 days, and to send notifications daily for 30 days. If the site collection owner confirms use, a notification will be sent only once every 90 days. But if the site collection owner does not confirm use, a notification will be sent each day for another 29 days. If the site collection owner fails to respond, then the site collection will be deleted on the 120th day.
An important caution about this out-of-box feature is that Windows SharePoint Services 3.0 will expire an entire site collection based on this configuration if the site collection owner does not confirm use, whether or not the collection’s sites are actually receiving visits and changes from users. Third-party solutions and tools can add significantly greater granularity and flexibility to content expiration management on Windows SharePoint Services 3.0. You can find tools that will facilitate the management of site life cycle at the CodePlex SharePoint Governance and Manageability page (http://go.microsoft.com/fwlink/?LinkId=92682&clcid=0x409).
Recycle Bin
If a user accidentally deletes an item, the user can restore the item from the site’s Recycle Bin. After a specified period of time, the item is removed from the site’s Recycle Bin but remains in the site collection’s Recycle Bin (called the second-stage Recycle Bin), from which site collection administrators can restore it. Then, the item is removed completely. You can configure the availability of the Recycle Bin, the lifetime of items in the site and second-stage Recycle Bins, and the amount of storage space available to the second-stage recycle bin in the Web application’s general settings.
Backup and Restore
The Recycle Bin does not enable recovery of entire sites. To recover sites, you will have to perform a restore operation on a previously made backup of the content database. Backup and restore is performed from the Operations page of SharePoint Central Administration.
Without third-party utilities, backup and restore is only as granular as the content database. A community-supported utility for capturing deleted sites so that they can be recovered more easily is available at http://www.codeplex.com/governance.
Content Administration Summary
· Self-service site creation: Users can create informal sites to support collaboration if self-service site creation is enabled for the Web application.
· Quotas: Quota templates are defined for the Web application and applied to a site collection by using SharePoint Central Administration. The quota set by a template manages the cumulative storage of all sites in the site collection.
· Blocked File Types: Blocked file types can be managed using SharePoint Central Administration’s Operations page, and apply to an entire Web application.
· Site use confirmation and deletion: You can configure Windows SharePoint Services 3.0 to confirm that a site collection is in use with the site collection’s owners and, if they do not confirm use, to delete the site collection and all of the sites within it.
· Recycle Bin: Items and lists can be restored from the site’s Recycle Bin or, for a period of time after deletion from the site’s Recycle Bin, from the site collection’s Recycle Bin.
· Backup and Restore: You can back up and restore content databases, Web applications, and the server farm by using the Operations page of SharePoint Central Administration.
| Control | Configured for Windows SharePoint Services Component | Location for Configuration | Notes |
| --- | --- | --- | --- |
| Self-service site creation | Web application | SharePoint Central Administration: Application Management: Self-service site management | |
| Quotas | Site Collection | SharePoint Central Administration: Application Management: Quota templates and Site collection quotas and locks | A quota set on the site collection applies to all sites within the site collection. |
| Blocked File Types | Web application | SharePoint Central Administration: Operations: Blocked file types | A blocked file type must be removed from the global blocked file types list, and then removed from the Web application’s list. |
| Site use confirmation and deletion | Web application | SharePoint Central Administration: Application Management | Deletes a site collection and all its content (including the sites within it) if site collection owners do not confirm use after a specified period of time. |
| Recycle Bin | Web application | SharePoint Central Administration: Web application general settings | Configure the availability of the site Recycle Bin, the period of time that items remain in the site’s Recycle Bin, the amount of storage available in the second-stage (site collection) Recycle Bin, and how long items remain there. |
| Backup and Restore | Content database or Web application | SharePoint Central Administration: Operations | Backup and restore operations for Windows SharePoint Services 3.0 are set to the level of content databases. |
Search
Windows SharePoint Services 3.0 supports search within a site and, recursively, within a site collection. That means the maximum scope of a search using Windows SharePoint Services 3.0 is the site collection, represented by its top-level site. When a user requests a search, results are security trimmed, displaying only the items to which the user has access. It is typically not necessary to apply manageability controls to search in a Windows SharePoint Services 3.0 infrastructure. However, two manageability controls are available.
Content Databases
Microsoft SQL Server optimizes queries of a database based on the data in the database. Therefore, if two sites contain wildly different types of data, separating those sites into unique content databases might improve search performance for each. However, the performance of SQL Server on the hardware typical in today’s enterprises makes this a somewhat academic discussion for most Windows SharePoint Services implementations. You can optimize search performance by assigning databases to a particular server in the server farm. By default, when a Web application is extended, the server that it was extended on will provide the indexing function. To optimize performance, assign indexing of the content databases evenly across all of the servers in the server farm.
If you have more than one content database, each new site collection uses the next content database in turn. The easiest way to ensure a site collection is created in a specific content database is to set the maximum number of sites for every other database equal to that database’s current number of sites. The only database with capacity for the new site collection will then host it.
Search Visibility
Because the results list produced by a search is security trimmed, you do not need to hide sites, lists, or libraries from search for security reasons. However, if a site, list, or library contains content that no user will need to search, or that does not add value to results lists, you can hide that site, list, or library from search to optimize indexing, search performance, and results.
You can hide a site by using the Search Visibility settings in the Site Settings. You can hide a list or library by using the Advanced Settings in the list’s or library’s settings.
Windows SharePoint Services 3.0 does not provide an option for searching across site collections. Such functionality is added to an organization by deploying Office SharePoint Server 2007. For Windows SharePoint Services 3.0 implementations, the recommended practice is to create a directory of sites that can guide users to site collections. Users can then visit each site collection to search it. Such a directory site is described in more detail in the white paper Implementing Windows SharePoint Services Governance.
Search Summary
· Content databases: SQL Server optimizes queries based on the type of data in a database. Therefore, sites with distinctly different types of content might benefit from being hosted in separate content databases.
· Search visibility: If a site, list, or library should not be listed in the search results for any user, or does not provide value to search results, you can hide the visibility of the site, list, or library.
| Control | Configured for Windows SharePoint Services Component | Location for Configuration | Notes |
| --- | --- | --- | --- |
| Search Performance | Web Application/ Content Database | Controlling which sites are hosted in each content database | SQL Server performs better by optimizing queries based on data in the content database. |
| Search Visibility | Site, List, or Library | Site Settings or List or Library settings | If the content of a site, list, or library does not add value to searches within a site collection, hide the site, list, or library from search. |
Service Management
The final category of manageability controls relates to the management of Windows SharePoint Services 3.0 as a service. These controls are each configured for the Web application and thus affect every site collection, site, list, and library hosted by the application.
Process Isolation
A Web application is a unique Internet Information Services (IIS) Web site with its own URL and related Web properties. IIS allows you to assign a Web site to an application pool, which, among other things, determines the security context and thread within which the application is executed. By separating Web applications into unique application pools, you can increase the resiliency of those applications: If one application hangs or crashes, it can be restarted without impacting other applications.
Feature Availability
SharePoint Products and Technologies features are packages that enable the easy deployment of new content types and functionality. Many of the application templates provided by Microsoft at Application Templates for Windows SharePoint Services 3.0 (http://go.microsoft.com/fwlink/?LinkID=86751&clcid=0x409) and on CodePlex (http://go.microsoft.com/fwlink/?LinkId=92683&clcid=0x409) are installed as features. A feature is not available for a site to activate until it has been enabled for the Web application and for the site collection. Therefore, if you wish to prevent administrators of one site from leveraging functionality provided by a feature that is enabled for a Web application and site collection, you need to create a separate Web application to host that site.
Service Management Summary
· Process isolation: Web applications can be assigned to unique application pools, enhancing the stability of the applications on an IIS server.
· Feature availability: Features are enabled, first, for a Web application. If you wish to make a feature available for users in one site collection but not in another, you must create two separate Web applications to support that scenario.
| Control | Configured for Windows SharePoint Services Component | Location for Configuration | Notes |
| --- | --- | --- | --- |
| Process isolation | Web application | During creation of Web application or thereafter in IIS | |
| Feature availability | Web application, site collection, site | SharePoint Central Administration: Application Management: Manage Web application features | |
Summary of Manageability Controls
The following table illustrates the most important manageability controls and the component of Windows SharePoint Services 3.0 that supports the control.
|
Web application |
Site collection |
Site |
List or library |
|
SECURITY |
|
|
|
|
· Authentication Provider
· Security Validation Expiration
· Anonymous access
· Permissions
· Security policies |
· Authentication for a site |
· Anonymous access
· Permission levels |
· Anonymous access
· Access to securable objects |
|
BRANDING |
|
|
|
|
|
|
· Master pages
· Top link bar
· Quick Launch
· Tree View |
|
|
CONTENT MANAGEMENT |
|
|
|
|
|
· List template |
· Site column
· Content type |
|
|
CONTENT ADMINISTRATION |
|
|
|
|
· Self-service site creation
· Blocked File Types
· Site use confirmation and deletion
· Recycle Bin
· Backup and Restore |
· Quotas |
|
|
|
SEARCH |
|
|
|
|
|
· Search Performance (Content Database) |
· Search Visibility |
· Search Visibility |
|
SERVICE MANAGEMENT |
|
|
|
|
|
· Process isolation
· Feature availability |
· Feature availability |
· Feature availability |
Conclusion
By understanding which manageability controls are configurable for each component of the Windows SharePoint Services hierarchy, you can design a Windows SharePoint Services 3.0 implementation that appropriately leverages these controls for the type of content that will be hosted.
The white paper Supporting Information Architecture with Windows SharePoint Services Manageability Controls provides detailed guidance for determining how specific types of content can be managed effectively with Windows SharePoint Services 3.0.