
Windows SharePoint Services Manageability Controls (Governance Series Part 1 of 5)

In an effort to share the wealth of information that I've been working on over the past few months, I figured it made sense to share some of these key whitepapers on governance in the means of a blog post.  You can evaluate for yourself if you find this information useful.  Governance may be a tough grasp for you as to why it's so important if you are an IT Professional.  Let me tell you that deployments gone sour are 99% a result of lack of appropriate planning.  If you fail to plan, you plan to fail.  This content is truly about deployment and providing you the knowledge so you can plan appropriately. 

This article, authored by Dan Holme with some help from myself, gives you some background and lays the groundwork for what the knobs and controls are in a deployment.  I've recently been saying, Exchange is about hosting Mailboxes and SharePoint is about hosting Site Collections, but that statement might be 90% true.  For you the answer actually might be it's about hosting Web Applications or Sites.  For example... the question do I use a web application or a site collection or a site collection vs. a site is explored here.  This paper lays the framework for the other papers that use the terminology in this paper.  If you prefer to read ahead, the links to the other papers are included.  I do recommend reading the actual whitepapers for the best readability and to view the applicable images.

Enjoy. 

Joel Oleson
SharePoint Product Team

Windows SharePoint Services Manageability Controls
Date published: June 2007
Summary: Microsoft® Windows® SharePoint® Services 3.0 enables individuals, teams, departments, and organizations to rapidly deploy solutions that support the knowledge sharing and collaboration required by information workers in the 21st century. The value that Windows SharePoint Services delivers often leads to its rapid adoption by organizations with Web sites that host diverse content and collaborative activities. IT organizations can support these activities effectively by implementing and governing Windows SharePoint Services sites in a way that takes advantage of the manageability features of each component of Windows SharePoint Services logical architecture. This white paper will examine the Windows SharePoint Services architecture to identify which Windows SharePoint Services components provide manageability controls—settings that you can use to enable aspects of governance and manageability.

This white paper is the first in a series that will guide an organization through designing and implementing a governed, manageable Windows SharePoint Services 3.0 environment. Reading each of these papers in the order listed below is recommended:

1.       Windows SharePoint Services Manageability Controls (http://go.microsoft.com/fwlink/?LinkId=92895&clcid=0x409)

2.       Supporting Information Architecture with Windows SharePoint Services Manageability Controls (http://go.microsoft.com/fwlink/?LinkId=92896&clcid=0x409)

3.       Implementing Windows SharePoint Services Governance (http://go.microsoft.com/fwlink/?LinkId=92897&clcid=0x409)

The three white papers, as well as other excellent resources related to the governance of SharePoint Products and Technologies, can be found at the Governance Information for SharePoint Server 2007 landing page (http://go.microsoft.com/fwlink/?LinkID=90916&clcid=0x409) on Microsoft TechNet.

To get the most from these white papers, you can familiarize yourself with Windows SharePoint Services 3.0 by using product documentation contained in the Windows SharePoint Services 3.0 Technical Library (http://go.microsoft.com/fwlink/?LinkID=73952&clcid=0x405).

Windows SharePoint Services Components

To design a manageable Microsoft® Windows® SharePoint® Services infrastructure, an organization’s design team must identify the components of Windows SharePoint Services logical architecture that enable aspects of control and manageability.

Windows SharePoint Services logical architecture comprises the following components:

·         Server farm or single server deployment: The top-level design construct of a Windows SharePoint Services infrastructure is a stand-alone or server farm deployment of Windows SharePoint Services. A stand-alone installation includes Windows SharePoint Services and Microsoft SQL Server® on the same server. A server farm allows the separation of application and database server roles. An enterprise can support one or more Windows SharePoint Services farms. You administer each server farm as a unit from the shared administrative tools in the server farm’s SharePoint Central Administration site.

·         Web application: A Web application is a logical component that is associated in a one-to-one relationship with a unique Microsoft Internet Information Services (IIS) Web site. You use the server farm’s SharePoint Central Administration site to manage Web applications.

·         Site collection: A site collection is a component that encompasses one or more Windows SharePoint Services sites. You manage some features of site collections by using SharePoint Central Administration, and you manage others from the Site Settings page of the site collection’s top-level site.

·         Site: Within a site collection, you can create one or more Windows SharePoint Services sites.

·         Top-level site: The top-level site within a site collection is the site with the URL of the site collection itself. Top-level sites define certain configurations, such as features and templates, that affect all sites within the site collection.

·         Lists and libraries: Lists and libraries are basically the equivalent of data tables in a database application. Whereas lists can support document attachments, libraries are a type of list in which the document is the focal point, and columns in the list provide metadata about the document.

·         Items and documents: The records in a Windows SharePoint Services list are called items. A library is a list that contains documents.

These components of Windows SharePoint Services are illustrated in the graphic in the whitepaper.

For more information about the components of Windows SharePoint Services and how to design a Windows SharePoint Services infrastructure, see the Windows SharePoint Services 3.0 Technical Library (http://go.microsoft.com/fwlink/?LinkID=73952&clcid=0x405).

Windows SharePoint Services Manageability Controls

Windows SharePoint Services 3.0 offers several features that let you configure aspects of manageability. You can implement each of these features, which we will refer to as “manageability controls,” by configuring properties of specific Windows SharePoint Services components. For purposes of this discussion, manageability controls will be grouped into the following categories: security, branding, navigation, content management, content administration, search, and service management.

Security

Security can be divided into two primary components: authentication and authorization.

Authentication Provider

Windows SharePoint Services authentication is configured by the Web application’s authentication provider. Windows SharePoint Services 3.0 supports Windows authentication, which enables users to authenticate with accounts stored in the server’s local security accounts manager (SAM) database or in Active Directory (AD). Additionally, you can configure a Web application to use forms-based authentication, which supports any ASP.NET 2.0 authentication provider or Active Directory Federated Services (ADFS).

In order to support more than one authentication provider, you will need to create or extend more than one Web application. For example, you might want to give Windows SharePoint Services 3.0 access to users within your organization who maintain accounts in Active Directory, as well as to partners who access Windows SharePoint Services 3.0 through an extranet site by using accounts stored in an ASP.NET 2.0 authentication provider. To give this access, you need to create a Web application (for example, http://intranet.contoso.com) that uses Windows authentication. You would then extend that application to another Web application (for example, http://extranet.contoso.com) that would utilize forms-based authentication. Both sites would be attached to the same content database. Therefore, regardless of which URL they accessed, users would see the same content.

Authentication Timeout for Forms Based Authentication

If the Web application uses forms-based authentication, the user will remain authenticated until the user closes his or her browser or until the authentication timeout occurs. You can configure this expiration time, set by default to 30 minutes, for a Web application in the application’s Web.config file. Add or modify the timeout attribute of the forms element, for example:

<forms loginUrl="login.aspx" name=".ASPXFORMSAUTH" timeout="100" />

Authentication for a Site

To allow a user to authenticate to a specific site, you must add to the site collection (by using the People and Groups link in the site’s settings) the user’s account or a group to which the user belongs. The definition of valid users and groups is contained at the site collection level and, once added, you can give to a user or group permissions to any object (site, list, library, item, or document) within the site collection.

Anonymous Access

Users without user or group accounts in the site collection are considered anonymous users. You must set anonymous access, which is off by default, at the Web application level before such users can access any site or list. Once you have enabled anonymous access for the Web application, you can configure it for a site to support access to the entire site or to specific lists and libraries. Each list and library can then deny or allow anonymous access.

Access to Securable Objects

After authentication as either a valid user account or as an anonymous user, access to any securable object (a site, list, library, item, or document) is controlled by the permissions for that object. Permissions should be assigned to groups defined in either the SharePoint site collection or the authentication provider (such as Active Directory groups), but can also be assigned to a user defined in the authentication provider. By default, permissions are inherited from the parent object. The permissions assigned to the top-level site in a site collection are inherited by each site within the collection, each library and list within that site, and each document and item within the library or list. You can edit permissions on any securable object, but by doing so, you break the inheritance of that object’s permissions from its parent, and any changes to the parent’s permissions will no longer affect the child object.

Permission Levels

The permission levels you can configure on a securable object for a user or group are, by default, Full Control, Design, Contribute, Read, and Limited Access. You can modify these permission levels at the site collection level to enable the configuration of additional security-related roles.

Permissions

Each permission level is itself composed of granular permissions. For example, the Read permission level comprises eleven permissions such as View Pages, View Items, and Create Alerts. By default, all Windows SharePoint Services permissions are available for use in defining permission levels in a site collection. However, you can restrict which permissions are available to site collections within a Web application by configuring User permissions for Web application in SharePoint Central Administration.

Web Application Policies

Finally, Windows SharePoint Services 3.0 enables you to override object-level permissions through security policies configured for the Web application. By default, the administrators of the server hosting Windows SharePoint Services do not have access to any Windows SharePoint Services content. If business needs mandate such access, you can configure a security policy for each Web application that enables appropriate access for the administrators group. Similarly, corporate policy may require that a team of auditors or security personnel have access to content within a Web application. A Full Control or Full Read policy will provide the assigned users access to content throughout the Web application, overriding any more restrictive permissions on objects within the application. Alternatively, a particular group of users might need to be restricted from accessing content, even if permissions have been granted that would otherwise allow access. A Deny Write or Deny All policy will override any more liberal permissions on objects within the Web application.
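
The precedence rules from the Anonymous Access, Access to Securable Objects, and Web Application Policies sections, modeled as an added example that is not code from the white paper or from SharePoint. The group names, the coarse read/write/manage rights, and the deny-before-grant ordering of policies are assumptions of this model.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Coarse rights per permission level (a simplification made for this model;
# the real levels are composed of many granular permissions).
LEVEL_RIGHTS = {
    "Full Control": {"read", "write", "manage"},
    "Design": {"read", "write"},
    "Contribute": {"read", "write"},
    "Read": {"read"},
}


@dataclass
class Securable:
    """A site, list, library, item or document."""
    name: str
    parent: Optional["Securable"] = None
    # None = inherit from the parent; a dict = unique permissions.
    assignments: Optional[Dict[str, str]] = None  # principal -> permission level

    def effective_assignments(self) -> Dict[str, str]:
        """Walk up to the nearest ancestor that holds its own permissions."""
        node = self
        while node.assignments is None and node.parent is not None:
            node = node.parent
        return node.assignments or {}

    def break_inheritance(self) -> None:
        """Start from a copy of the inherited permissions, then stop inheriting."""
        self.assignments = dict(self.effective_assignments())


@dataclass
class WebApplication:
    anonymous_enabled: bool = False  # off by default, as the text states
    policies: Dict[str, str] = field(default_factory=dict)  # principal -> policy


def allowed(webapp: WebApplication, obj: Securable,
            principals: Set[str], right: str) -> bool:
    """principals = the user's account plus every group the user belongs to."""
    applied = {webapp.policies[p] for p in principals if p in webapp.policies}
    # Web application policies are evaluated before object permissions.
    # Assumption of this model: a deny policy wins over a grant policy.
    if "Deny All" in applied:
        return False
    if "Deny Write" in applied and right != "read":
        return False
    if "Full Control" in applied:
        return True
    if "Full Read" in applied and right == "read":
        return True
    acl = obj.effective_assignments()
    return any(right in LEVEL_RIGHTS[acl[p]] for p in principals if p in acl)


def anonymous_allowed(webapp: WebApplication, site_mode: str,
                      list_allows: bool) -> bool:
    """site_mode is 'none', 'entire' or 'lists'; all three layers must agree."""
    return bool(webapp.anonymous_enabled and site_mode != "none" and list_allows)


def demo() -> Dict[str, bool]:
    """Constructed scenario with hypothetical group names."""
    webapp = WebApplication(
        policies={"Auditors": "Full Read", "Contractors": "Deny Write"})
    top = Securable("top-level site", assignments={
        "Sales Members": "Contribute", "Sales Visitors": "Read"})
    team = Securable("team site", parent=top)              # inherits
    contracts = Securable("Contracts library", parent=team)
    contracts.break_inheritance()                          # unique permissions
    contracts.assignments.pop("Sales Visitors")
    contracts.assignments["Legal"] = "Contribute"
    top.assignments["Interns"] = "Read"                    # later parent change
    contractor = {"Contractors", "Sales Members"}
    return {
        "intern reads team site": allowed(webapp, team, {"Interns"}, "read"),
        "intern reads Contracts": allowed(webapp, contracts, {"Interns"}, "read"),
        "auditor reads Contracts": allowed(webapp, contracts, {"Auditors"}, "read"),
        "auditor writes Contracts": allowed(webapp, contracts, {"Auditors"}, "write"),
        "contractor writes team site": allowed(webapp, team, contractor, "write"),
        "contractor reads team site": allowed(webapp, team, contractor, "read"),
        "anonymous, web app off": anonymous_allowed(webapp, "entire", True),
    }


if __name__ == "__main__":
    for question, answer in demo().items():
        print(f"{question}: {answer}")
```

The intern case is the one to watch when reviewing a site collection: a grant added at the top-level site after inheritance was broken never reaches the Contracts library, so objects with unique permissions have to be reviewed separately from their parents.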

Security Control Summary

·         Authentication provider: Configured for the Web application in SharePoint Central Administration.

·         Authentication timeout for forms-based authentication: By default, 30 minutes. Configured for the Web application in Web.config. Add or modify a timeout attribute to the forms element.

·         Authentication for a site: Configured by adding the user or a group to which the user belongs to the site collection in People and Groups.

·         Anonymous authentication: Enabled for the Web application in its authentication provider configuration. Then enabled for the site (none, entire site, or lists and libraries) and then further restricted or enabled per list or library.

·         Access to securable objects: Configured for the securable object (site, list, library, item, or document). By default, inherited from parent object. Permission levels assigned to a user in the authentication provider or to a group in either the authentication provider or the site collection’s groups.

·         Permission levels: Defined in the site’s Permissions settings. By default, inherited from the parent site.

·         Permissions: Enabled for the Web application in SharePoint Central Administration.

·         Security policies: Configured for the Web application in SharePoint Central Administration.

| Control | Configured for Windows SharePoint Services Component | Location for Configuration | Notes |
| --- | --- | --- | --- |
| Authentication provider | Web application | SharePoint Central Administration: Application Management: Authentication providers: Edit Authentication | Windows, forms-based, or Web single sign-on (SSO) is available. |
| Authentication timeout for forms-based authentication | Web application | Web application’s Web.config file: The timeout attribute of the forms element | Configure the lifetime of the authentication cookie. Authentication will time out at this interval or when the user closes the browser. |
| Authentication for a site | Site collection | People and Groups: All People or People and Groups: All Groups | Add a user or a group to which the user belongs to the site collection. |
| Anonymous access | Web application | SharePoint Central Administration: Application Management: Authentication Providers: Edit Authentication | Anonymous access to any object within the Web application is not possible unless enabled by the Web application. |
| | Site | Site Settings: Permissions | At the site level, anonymous access can be blocked, enabled for the entire site, or enabled for specific lists and libraries. |
| | List or library | List Settings: Permissions for this list | A list or library can enable anonymous users to add, edit, view, and/or delete items. |
| Access to securable objects | Object (site, list, library, item, or document) | Permissions | By default, permissions are inherited from the parent object. Permission levels are assigned to a user in the authentication provider or to a group in either the authentication provider or the site collection’s groups. |
| Permission levels | Site | Site Settings: Permissions | By default, permission levels such as Full Control, Contribute, Read, and Limited Access are inherited from the parent site. |
| Permissions | Web application | SharePoint Central Administration: Application Management: User permissions for Web application | Permissions supported by Windows SharePoint Services 3.0 can be enabled or disabled for a Web application. Enabled permissions are used to create permission levels for a site. |
| Security policies | Web application | SharePoint Central Administration: Application Management: Policy for Web application | Security policies allow you to enable or deny access to users or groups. Policies override the permissions on securable objects. |

Branding

Branding refers to the look-and-feel of your SharePoint sites. Your sites should reflect the standards of your organization for logo usage, color, layout, and boilerplate content (such as a copyright notice).

Master Page

The primary branding control is the master page. ASP.NET 2.0 master pages create a common appearance to pages in a site by defining components such as headers, footers, and navigational elements. A master page contains one or more content controls that expose the unique content of a page. Each content page is linked to its master page. When that page is requested, the server renders the master page, and then renders the content page in the appropriate content controls of the master page.

A Windows SharePoint Services site can contain one or more master pages in its master pages gallery, accessible through the Site Settings page. A site also inherits master pages that have been made available in parent sites. Therefore, you can use a single master page in the top-level site of a site collection to drive branding on all sites within the site collection, or you can deploy multiple master pages to support variations in look-and-feel.

Note that if multiple master pages are available within a site, you must use Microsoft Office SharePoint Designer 2007, or a developer tool such as Microsoft Visual Studio® 2005, to assign the master page for each content page. Microsoft Office SharePoint Server 2007 provides a user-accessible method for selecting a master page in the Web-based interface of the site.

Branding Control Summary

·         Master pages: Master pages are maintained by a site in its master pages gallery. A site also inherits master pages maintained by parent sites.

| Control | Configured for Windows SharePoint Services Component | Location for Configuration | Notes |
| --- | --- | --- | --- |
| Master Pages | Site | Site Settings: Master pages gallery | A site maintains its own master pages gallery and inherits master pages of parent sites. |

Navigation

A manageable implementation of Windows SharePoint Services 3.0 will provide appropriately consistent navigation within and between sites, site collections, and Web applications. You can code navigational elements into the master page or pages, or you can use the top link bar and Quick Launch, which are supported out-of-the-box with Windows SharePoint Services 3.0.

Top Link Bar

The top link bar is, by default, a series of tabs near the top of the site’s pages that provide navigation to the top-level site and each first-level site. By default, each site inherits the top link bar of its parent site. However, you can configure the top link bar in each site’s settings. To remove the top link bar entirely, you can simply delete each link in the bar.

Office SharePoint Server 2007 enables a richer out-of-box navigation capability, with a top link bar that provides drop-down menus for navigation to sites or external links.

Quick Launch

Quick Launch appears, by default, on each user-facing page of a Windows SharePoint Services 3.0 site. It does not appear on the Site Settings or List Settings pages. Quick Launch is designed to provide a consistent navigational experience for all pages within a site. You enable it in the Site Settings page by clicking Tree View. You configure its contents by clicking Quick Launch.

Tree View

A tree view is also available to display a site’s contents in a tree-like structure. You enable it in a site’s settings by clicking Tree View, which will display the site’s lists, libraries, and sites.

Navigation Control Summary

·         Top link bar: Inherited by default from the parent site. Configured in the site’s settings.

·         Quick Launch: Enabled by using Tree View settings in site settings. Configured by using Quick Launch in site settings.

·         Tree View: Enabled by using Tree View in site settings.

| Control | Configured for Windows SharePoint Services Component | Location for Configuration | Notes |
| --- | --- | --- | --- |
| Top link bar | Site | Site Settings: Top link bar | Inherited by default from the parent site. |
| Quick Launch | Site | Site Settings: Tree view and Site Settings: Quick Launch | Enabled by using the Tree View settings; configured by using the Quick Launch settings. |
| Tree View | Site | Site Settings: Tree view | Can be enabled or disabled, but contents cannot be configured. |

Content Management

An enterprise typically requires control over the information that is maintained in a system such as Windows SharePoint Services 3.0. Managing consistency across disparate content stores, such as lists and libraries, enables more effective searching, analysis, and knowledge management. To better understand the manageability controls related to content management, we will explore a scenario within the sales department of Contoso.com.

The most granular component of Windows SharePoint Services content is the item in a list, or the document in a library. For purposes of this discussion, items and documents can be described together. Each is, in effect, a record in a data table composed of fields called columns. Columns are also referred to as properties, attributes, or metadata, and are defined for the list or library. In a list of customers, for example, Contoso might define a column for “Customer Status”. The status could be a choice column, which appears as a drop-down list when editing or creating items, and choices could include “Sales Lead,” “Opportunity,” and “Active Customer”.

List Template

You have several options for managing content in this scenario. First, you could save the list that maintains customers as a list template. List templates are stored in the list template gallery of the site collection, which you can manage from the top-level site’s settings. Once you create it, you can use the list template as the basis for a new list anywhere in the site collection, creating consistency and ease-of-use. You also can download the list template and then load it into the list template gallery of another site collection.

Site Column

Second, you can define the “Customer Status” column as a site column. Site columns are a definition of a custom field and contain the same options as a list column. However, you can reuse site columns across lists and sites within the site. If Contoso defined a site column for the “Customer Status” choice, you could add that column to any list or site within the site. If, at a later date, you needed to add a choice to the column in each list, you would need to add it only to the definition of the site column. The site column thus provides a single point of management for defining a column throughout a site. It is recommended that you manage site columns from the top level site in a site collection, making those columns available to all sites in the collection.

Content Type

Content types are the most powerful option for managing content in Windows SharePoint Services 3.0. A content type is a definition of an entire item, document, or folder. It describes attributes including columns, workflows, forms used for editing and viewing, and, in the case of documents, the document template and version settings. Content types are hierarchical, deriving their columns from a parent document type. So, for example, Contoso might create a content type for “Customer,” derived from the Windows SharePoint Services 3.0 default “Contact” content type. The “Customer” content type would thus inherit all contact fields, such as names, address, phone number, and e-mail address. Contoso could then add columns such as the customer’s time zone, office hours, photo, and the “Customer Status” column. You could then use the “Customer” content type in any list that contains customer information, and you would not have to redefine any of the columns, workflows, template, or other properties of the content type.

Content types are defined for a site and are available to all sites within that site. It is recommended that you manage content types from the top level site of a site collection, so that the content types are available to all sites in the collection.

Content Management Summary

·         List template: Managed using the top-level site’s list template gallery. Available to all sites in the site collection.

·         Site column: Managed using the site’s settings. Available to the site and all sites within it. Recommended to manage using top level site’s settings to provide site column to all sites in the collection.

·         Content type: Managed using the site’s settings. Available to the site and all sites within it. Recommended to manage using top level site’s settings to provide content type to all sites in the collection.

| Control | Configured for Windows SharePoint Services Component | Location for Configuration | Notes |
| --- | --- | --- | --- |
| List template | Site collection | Top-level site’s Site Settings: List template gallery | Available to all sites within the collection. |
| Site column | Site | Site Settings: Site columns | Available to the site and all sites within it. Recommended to manage by using top-level site’s settings to provide site column to all sites in the collection. |
| Content type | Site | Site Settings: Site content types | Available to the site and all sites within it. Recommended to manage by using top level site’s settings to provide content type to all sites in the collection. |

Content Administration

The category of “content administration” relates to issues of managing the type, quantity, and lifecycle of content in a Windows SharePoint Services implementation, as well as to operational issues such as backup and restore.

Self-service Site Creation

The starting point for content administration is determining who is allowed to create a site. Self-service site creation is a powerful capability that enables teams or users to create informal locations for collaboration and document sharing. Some scenarios, such as an application that hosts departmental intranet sites, likely will not support self-service site creation. Self-service site creation is enabled for a Web application, so you might need to have more than one Web application to support scenarios for which self-service site creation is and is not appropriate.

Quotas

The quantity of data that can be stored in a site collection can be configured using SharePoint Central Administration. First, you create quota templates, which define the maximum amount of allowed data for a site collection, and the threshold at which alerts are sent. Then, you apply a quota template to a site collection. All sites within the site collection are then subject to the limits configured by the quota template. The quota defines the maximum, cumulative quantity of data across all sites in the collection.

Set quotas at a level that balances the need to manage storage with increasing numbers of support calls from site owners who are being told their site is out of space. Do the math in your organization by understanding the current and anticipated storage needs for sites and determining how many calls you want to get. Don’t set your quota at the expected average site collection size, or you will get support calls for quota increases for half of your sites. Instead, set quota size toward the top end of the acceptable level of storage and consider how much the storage costs versus the support call or the cost of time involved in increasing the quota. Although storage has become very cheap, quotas will encourage users to be responsible with their data.

If, for example, you anticipate having 1,000 site collections supporting team collaboration, and you anticipate that site collections will require between 100 MB and 600 MB of storage, evenly distributed across that 500 MB range, then by setting a quota of 550 MB, you can anticipate that 10 percent of the site collections will end up over quota. That means you can expect, over time, approximately 100 support calls requesting “exception” from the policy.

Blocked File Types

In addition to limiting the quantity of data through quotas, you can configure the types of files that are allowed. The Web application’s Blocked File Types settings, which you access from the Operations tab of SharePoint Central Administration, will allow you to block uploaded file types by extension. If you want to unblock a file type, you must remove it from Global Blocked File Types for the server prior to removing it from the Web application’s blocked file types list.

You can also specify the maximum upload size in the Web application’s general settings. Generally, best-practice guidance is to specify an upload size that will discourage users from abusing the site as a storage location for files that are large and inappropriate for the site’s purpose. The default maximum upload size is 50 MB, but you can reasonably increase this to 100 MB or possibly to the Microsoft SQL Server maximum limit of 2 GB.

Site Deletion

A final way to control the quantity of data in your Windows SharePoint Services 3.0 implementation is to configure site deletion. In SharePoint Central Administration’s Application Management page, click Site Use Confirmation and Deletion to configure site expiration. The behavior of site use confirmation and deletion in Windows SharePoint Services 3.0 is to send e-mails to a site collection’s owners after the site collection has been in existence for a specified number of days. If the site collection owner confirms that the site is in use, the clock is reset and notifications will be sent after the specified number of days passes once again. The notifications can be sent daily, weekly, or monthly. You can then configure Windows SharePoint Services 3.0 to automatically delete the site collection and all content, including sites within it, if a specified number of notices are sent without use confirmation from a site owner.

For example, you could configure Windows SharePoint Services 3.0 to check with site collection owners after 90 days, and to send notifications daily for 30 days. If the site collection owner confirms use, a notification will be sent only once every 90 days. But if the site collection owner does not confirm use, a notification will be sent each day for another 29 days. If the site collection owner fails to respond, then the site collection will be deleted on the 120th day.

An important caution about this out-of-box feature is that Windows SharePoint Services 3.0 will expire an entire site collection based on this configuration if the site collection owner does not confirm use, whether or not the collection’s sites are actually receiving visits and changes from users. Third-party solutions and tools can add significantly greater granularity and flexibility to content expiration management on Windows SharePoint Services 3.0. You can find tools that will facilitate the management of site life cycle at the CodePlex SharePoint Governance and Manageability page (http://go.microsoft.com/fwlink/?LinkId=92682&clcid=0x409).

Recycle Bin

If a user accidentally deletes an item, the user can restore the item from the site’s Recycle Bin. After a specified period of time, the item is removed from the site’s Recycle Bin but remains in the site collection’s Recycle Bin (called the second-stage Recycle Bin), from which site collection administrators can restore it. Then, the item is removed completely. You can configure the availability of the Recycle Bin, the lifetime of items in the site and second-stage Recycle Bins, and the amount of storage space available to the second-stage recycle bin in the Web application’s general settings.

Backup and Restore

The Recycle Bin does not enable recovery of entire sites. To recover sites, you will have to perform a restore operation on a previously made backup of the content database. Backup and restore is performed from the Operations page of SharePoint Central Administration.

Without third-party utilities, backup and restore is only as granular as the content database. A community-supported utility for capturing deleted sites so that they can be recovered more easily is available at http://www.codeplex.com/governance.

Content Administration Summary

·         Self-service site creation: Users can create informal sites to support collaboration if self-service site creation is enabled for the Web application.

·         Quotas: Quota templates are defined for the Web application and applied to a site collection by using SharePoint Central Administration. The quota set by a template manages the cumulative storage of all sites in the site collection.

·         Blocked File Types: Blocked file types can be managed using SharePoint Central Administration’s Operations page, and apply to an entire Web application.

·         Site use confirmation and deletion: You can configure Windows SharePoint Services 3.0 to confirm that a site collection is in use with the site collection’s owners and, if they do not confirm use, to delete the site collection and all of the sites within it.

·         Recycle Bin: Items and lists can be restored from the site’s Recycle Bin or, for a period of time after deletion from the site’s Recycle Bin, from the site collection’s Recycle Bin.

·         Backup and Restore: You can back up and restore content databases, Web applications, and the server farm by using the Operations page of SharePoint Central Administration.

| Control | Configured for Windows SharePoint Services Component | Location for Configuration | Notes |
|---|---|---|---|
| Self-service site creation | Web application | SharePoint Central Administration: Application Management: Self-service site management | |
| Quotas | Site Collection | SharePoint Central Administration: Application Management: Quota templates and Site collection quotas and locks | A quota set on the site collection applies to all sites within the site collection. |
| Blocked File Types | Web application | SharePoint Central Administration: Operations: Blocked file types | A blocked file type must be removed from the global blocked file types list, and then removed from the Web application’s list. |
| Site use confirmation and deletion | Web application | SharePoint Central Administration: Application Management | Deletes a site collection and all its content (including the sites within it) if site collection owners do not confirm use after a specified period of time. |
| Recycle Bin | Web application | SharePoint Central Administration: Web application general settings | Configure the availability of the site Recycle Bin, the period of time that items remain in the site’s Recycle Bin, the amount of storage available in the second-stage (site collection) Recycle Bin, and how long items remain there. |
| Backup and Restore | Content database or Web application | SharePoint Central Administration: Operations | Backup and restore operations for Windows SharePoint Services 3.0 operate at the level of content databases. |

Search

Windows SharePoint Services 3.0 supports search within sites and, recursively, within a site collection. That means the maximum scope of a search using Windows SharePoint Services 3.0 is the site collection, represented by its top-level site. When a user requests a search, results are security trimmed, displaying only the items to which the user has access. It is typically not necessary to apply manageability controls to search in a Windows SharePoint Services 3.0 infrastructure. However, two manageability controls are available.

Content Databases

Microsoft SQL Server optimizes queries of a database based on the data in the database. Therefore, if two sites contain wildly different types of data, separating those sites into unique content databases might improve search performance for each. However, the performance of SQL Server on the hardware typical in today’s enterprises makes this a somewhat academic discussion for most Windows SharePoint Services implementations. You can optimize search performance by assigning databases to a particular server in the server farm. By default, when a Web application is extended, the server that it was extended on will provide the indexing function. To optimize performance, assign indexing of the content databases evenly across all of the servers in the server farm.

If you have more than one content database, each new site collection uses the next content database in turn. The easiest way to ensure a site collection is created in a specific content database is to configure the maximum number of sites for each other database equal to its current number of sites. The only database with capacity for the new site collection will host the site collection.

Search Visibility

Because the results list produced by a search is security trimmed, you do not need to hide sites, lists, or libraries from search for security considerations. However, if a site, list, or library contains content that will not be necessary for any user to search, or that does not add value to results lists, you can hide that site, list, or library from search in order to facilitate optimized indexing, search performance, and results.

You can hide a site by using the Search Visibility settings in the Site Settings. You can hide a list or library by using the Advanced Settings in the list’s or library’s settings.

Windows SharePoint Services 3.0 does not provide an option for searching across site collections. Such functionality is added to an organization by deploying Office SharePoint Server 2007. For Windows SharePoint Services 3.0 implementations, the recommended practice is to create a directory of sites that can guide users to site collections. Users can then visit each site collection to search it. Such a directory site is described in more detail in the white paper Implementing Windows SharePoint Services Governance.

Search Summary

·         Content databases: SQL Server optimizes queries based on the type of data in a database. Therefore, sites with distinctly different types of content might benefit from being hosted in separate content databases.

·         Search visibility: If a site, list, or library should not be listed in the search results for any user, or does not provide value to search results, you can hide the visibility of the site, list, or library.

| Control | Configured for Windows SharePoint Services Component | Location for Configuration | Notes |
|---|---|---|---|
| Search Performance | Web Application/Content Database | Controlling which sites are hosted in each content database | SQL Server performs better by optimizing queries based on data in the content database. |
| Search Visibility | Site, List, or Library | Site Settings or List or Library settings | If the content of a site, list, or library does not add value to searches within a site collection, hide the site, list, or library from search. |

Service Management

The final category of manageability controls relates to the management of Windows SharePoint Services 3.0 as a service. These controls are each configured for the Web application and thus affect every site collection, site, list, and library hosted by the application.

Process Isolation

A Web application is a unique Internet Information Services (IIS) Web site with its own URL and related Web properties. IIS allows you to assign a Web site to an application pool, which, among other things, determines the security context and thread within which the application is executed. By separating Web applications into unique application pools, you can increase the resiliency of those applications: If one application hangs or crashes, it can be restarted without impacting other applications.

Feature Availability

SharePoint Products and Technologies features are packages that enable the easy deployment of new content types and functionality. Many of the application templates provided by Microsoft at Application Templates for Windows SharePoint Services 3.0 (http://go.microsoft.com/fwlink/?LinkID=86751&clcid=0x409) and on CodePlex (http://go.microsoft.com/fwlink/?LinkId=92683&clcid=0x409) are installed as features. A feature is not available for a site to activate until it has been enabled for the Web application and for the site collection. Therefore, if you wish to prevent administrators of one site from leveraging functionality provided by a feature that is enabled for a Web application and site collection, you need to create a separate Web application to host that site.

Service Management Summary

·         Process isolation: Web applications can be assigned to unique application pools, enhancing the stability of the applications on an IIS server.

·         Feature availability: Features are enabled, first, for a Web application. If you wish to make a feature available for users in one site collection but not in another, you must create two separate Web applications to support that scenario.

| Control | Configured for Windows SharePoint Services Component | Location for Configuration | Notes |
|---|---|---|---|
| Process isolation | Web application | During creation of Web application or thereafter in IIS | |
| Feature availability | Web application, site collection, site | SharePoint Central Administration: Application Management: Manage Web application features | |

Summary of Manageability Controls

The following table illustrates the most important manageability controls and the component of Windows SharePoint Services 3.0 that supports the control.

Web application | Site collection | Site | List or library

SECURITY

·         Authentication Provider

·         Security Validation Expiration

·         Anonymous access

·         Permissions

·         Security policies

·         Authentication for a site

·         Anonymous access

·         Permission levels

·         Anonymous access

·         Access to securable objects

BRANDING

·         Master pages

·         Top link bar

·         Quick Launch

·         Tree View

CONTENT MANAGEMENT

·         List template

·         Site column

·         Content type

CONTENT ADMINISTRATION

·         Self-service site creation

·         Blocked File Types

·         Site use confirmation and deletion

·         Recycle Bin

·         Backup and Restore

·         Quotas

SEARCH

·         Search Performance (Content Database)

·         Search Visibility

·         Search Visibility

SERVICE MANAGEMENT

·         Process isolation

·         Feature availability

·         Feature availability

·         Feature availability

Conclusion

By understanding which manageability controls are configurable for each component of the Windows SharePoint Services hierarchy, you can design a Windows SharePoint Services 3.0 implementation that appropriately leverages these controls for the type of content that will be hosted.

The white paper Supporting Information Architecture with Windows SharePoint Services Manageability Controls provides detailed guidance for determining how specific types of content can be managed effectively with Windows SharePoint Services 3.0.

Published Thursday, June 28, 2007 2:23 AM by joelo

Comments

# University Update - Microsoft Visual Studio - Windows SharePoint Services Manageability Controls (Governance Series Part 1 of 5)

# re: Windows SharePoint Services Manageability Controls (Governance Series Part 1 of 5)

If this article is also available as a download, I don't see the point of quoting it in full in a blog item.

Why not just link to the download (which you do anyway) and if possible in the blog pick out a few highlights ?

Thursday, June 28, 2007 3:41 AM by Mike Walsh

# re: Windows SharePoint Services Manageability Controls (Governance Series Part 1 of 5)

I'd love to hear others' thoughts on Mike's comment.  Given it's a blog it's nice to get new information that is otherwise in word docs delivered in your RSS reader.  

I can understand a 40+ page whitepaper you wouldn't want in a blog or have to read online, but this content is pretty short and is fairly rich and may otherwise be discounted.

Joel

Thursday, June 28, 2007 5:58 PM by joelo

# Whitepaper WSS 3.0 Manageability Controls

From the SharePoint Team blog, I'd like to point out an interesting whitepaper on the management of Windows environments

Friday, June 29, 2007 12:49 PM by Igor Macori

# re: Windows SharePoint Services Manageability Controls (Governance Series Part 1 of 5)

I thought the full quoting was curious at first, too, but I was sucked in by the front matter and readily consumed it in this form.

If length is an issue with a future doc, perhaps quoting the TOC alone would be sufficient to give prospective readers a sense of what's coming.

Really excellent and helpful content, by the way.

// Doug

Monday, July 02, 2007 12:06 AM by Doug Smalley

# responding to Joel

My comments:

1. HTML is always preferred over other doc formats. RSS is decent, but still underdesigned. The weblog format is atrocious for reading substantive documents-- this is the well-known secret of the blogosphere.

2. I'd like all SharePoint content on a *single* site. And I want it organized like a webzine, so I can browse the headlines & teasers to see what to read. I might have a SharePoint issue every other week, and when I go to the MSFT SharePoint I want to easily browse what's new (Google "webzine format")

3. I want it integrated with the SharePoint forum on MSDN. I have asked these questions about the fundamental flaws with SharePoint search, but they remain unanswered:

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1689775&SiteID=1

Jon

Friday, July 06, 2007 1:01 PM by Jon Garfunkel

# re: Windows SharePoint Services Manageability Controls (Governance Series Part 1 of 5)

Great feedback.  Next post in this series won't be a full reposting of the word doc/whitepaper, but more selected quotes and a summary of the TOC.

Joel

Monday, July 09, 2007 2:37 AM by joelo

# If you fail to plan, you plan to fail!

Nice oneliner eh? Well it ain't mine though (or Steven Segal's).. it's from Joel Oleson who

Friday, July 27, 2007 2:27 PM by Mirrored Blogs

# SharePoint Kaffeetasse 17

Security Forefront Security for SharePoint SP1 Available Now Codeplex Tool: Anonymous comments for

Thursday, August 16, 2007 12:16 PM by SharePoint, SharePoint and stuff

# SPPD076 SharePointPodcast

Direct download: SPPD-076-2007-08-16 Production live via BlogTV Book tips Book tip Real World SharePoint

Thursday, August 16, 2007 2:07 PM by SharePoint, SharePoint and stuff

# re: Windows SharePoint Services Manageability Controls (Governance Series Part 1 of 5)

"If you want to unblock a file type, you must remove it from Global Blocked File Types for the server prior to removing it from the Web application’s blocked file types list."

What the heck does this mean?

Thursday, February 14, 2008 4:10 PM by Brandon
