SlideShare a Scribd company logo
1 of 33
Download to read offline
Notes from the field
How Carolinas HealthCare System
Governs SharePoint
September 2016
9/18/2016 2
9/18/2016 3
9/18/2016 4
9/18/2016 5
Who am I?
• Kelly D. Jones
– Carolinas HealthCare System
• SharePoint Architect & SP Team Manager
– 18+ years industry experience; 10+ SharePoint
• My blog: http://www.KellyDJones.com
• Twitter: @KellyDJones
9/18/2016 6
Agenda
• Why this presentation?
• What is Carolinas HealthCare System?
• The CHS SharePoint governance story
– Where we started
– Where we are
– Where we’re going
9/18/2016 7
Why this presentation?
• Introductions to governance tend to focus on theory:
– Governance is the set of policies, roles, responsibilities, and
processes that control how an organization's business divisions
and IT teams work together to achieve its goals. – MS Technet
• Need for real world examples of governance• Need for real world examples of taming the wild west
– Why was governance introduced?
– How was governance implemented?
– What problems did governance solve?
• Is the way we govern the best? Is it all directly applicable
to you?
– Probably not. Pick and choose what makes sense.
9/18/2016 8
What is CHS?
Carolinas HealthCare System (http://www.carolinashealthcare.org)
9/18/2016 9
CHS – Where we started (2011)
So what massive SharePoint farm was supporting CHS?
• Number of servers in farm:
• Version of SharePoint:
• 70+:
• 2000+
One. (SharePoint + SQL Server)
WSS 3.0 (“free” version of SharePoint 2007)
Web applications.
1 site collection had 330+ top level sub sites
Sub sites in 70+ site collections
9/18/2016 10
CHS – Where we started (2011) cont.
• SharePoint 2010 was set up as a POC
– 1 SharePoint 2010 server
– 2 SQL Server 2008 servers in a cluster
• Consulting firm was engaged:
– Migrate WSS to SP2010
– Estimated to take six weeks
That’s me.
9/18/2016 11
Migrating to 2010 – Backing into governance
• How many sites do we have?
• What functionality is in use?
• What customizations have been done?
• Who do we talk to about this site? Who’s the owner?
9/18/2016 12
Step 1. Take an inventory
• Created a list of all web applications, site
collections, sub sites, solutions
• Sub sites
– Site owners
– Size: amount of data, number
of lists, number of documents
– Templates used
– Is anonymous enabled?
• Web applications
– DNS address
– User policies
• Site collections
– Address
– Site Collection Admins
– Size
9/18/2016 13
Step 2. Store that inventory
• Output of PowerShell can be XML or CSV
• Store them in Excel or SharePoint List?
– We manually imported them from Excel into an SP List
– Our PowerShell eventually could populate the list directly
9/18/2016 14
Step 3. Analyze data: What we found?
• Fab 40 site templates
• Lots of sites with “test” as part of title or URL
• Sites with anonymous access
• Sites storing sensitive data
• One site collection with
– 330+ top level sub sites
– 2,000+ total sub sites
– 2,000+ SharePoint groups
• Users built Word documents that were simply a list of
links to documents stored in the same SP library
(views?)
• 98% of the usage was a glorified file share
9/18/2016 15
Step 4. Technical Enforcement
• Limited site collection administrators to the central
SharePoint team
– Gained control of SharePoint Designer options (and disabled it)
– Gained control of SC features
– Gained control of branding
– Gained control of auditing settings
– Gained control of sandbox solutions
• Set quotas on site collections
– Improved database management
– Improved stability – no more SQL running out of room and
bringing farm to a halt
9/18/2016 16
Step 5. Owner Policy Changes
• Defined site owners for site collections, not subsites
– Many options/decisions are at the site collection level
• Auditing
• Allowing sensitive data or not
– Instantly reduced number of owners from thousands to hundreds
• Identify site owners
– Found owners by looking in the “Owners” group of the root site
within a site collection (aka: tag  you’re it!)
• Categorized owners
– Data Owners
– Primary Site Owner
– Secondary Site Owner
9/18/2016 17
Step 6. Site Management List
• Turned list of site collections into the “Site Management
List”
• Track status of site – new, renewed, read only, archived,
deleted
• New Site Request and Site Update Forms allows owners
to:
– Submit names of new owners
– Set the data classification (sensitive or not)
– Can state site no longer needed
• Renewal process
– Require owners to update their site info annually
9/18/2016 18
Step 7. Information Architecture Changes
• Split up large site collection
– Turned each of the 300 into separate site collections
• Consolidated from 70+ to 1 web application
– Eliminated vanity URLs
• Simplified communications about SharePoint
• Eliminated issues with DNS changes
– Technical issues with that many web apps
– Microsoft recommends no more than 10 per farm
– Microsoft suggests that if you need more than 2-4, you’re doing it
wrong
9/18/2016 19
Step 8. Standard Branding
• Reinforce CHS brand to all teammates (meeting
marketing goals)
• Reminds users this is a CHS property
• Eliminates garish color schemes
– Reduces non productive time spent by owners (we hope they
focus on their content and not the color scheme for the site)
• Added “alert” functionality
– SP team can make a message appear on any site with different
colors
– Great way to notify about outages or upcoming site moves
Lesson Learned: Branding should be as “lite” touch as possible.
• Think through how you will deploy changes to all site collections.
• Test your branding with all site templates.
• Be ready with an alternative if the branding breaks a particular site.
9/18/2016 20
Migrations, Migrations, Migrations!
• Upgrade from WSS 3.0 to SharePoint 2010
– November 2011 until July 2012 (SP2010 Transition farm)
• 3 SP2010 servers + 2 node SQL cluster
– July 2012 until July 2013 (SP2010 Production farm)
• 8 SP2010 servers + 2 FAST + 3 SQL (2 node cluster + AlwaysOn)
• SharePoint 2010 to SharePoint Online
– CHS decided to go 100% to SharePoint Online in June 2013
• Goal is to be migrated by: 12/2013; 3/2014; 7/2014; 10/2015
– Actual migration of sites: January 2015 through June 2016
– Currently decommissioning SharePoint 2010 on premise
9/18/2016 22
Current Environment: Office 365
• Office 365
– CHS decided to go 100% to SharePoint Online in June 2013
– 40k users licensed with E3 plan
• Exchange, SharePoint, OneDrive, Yammer (Skype is on prem)
• SharePoint Online
– 725 Production Site Collections
– 2.9TB SharePoint; 3.7TB OneDrive
– Data Storage Growth
• 20% from 2011 until 2014 (WSS 3.0 & SP2010)
• 100% for 2014 (SP2010 & SharePoint Online)
• 30% for 2015 (SharePoint Online only)
• 260% for 2015 (SharePoint Online & OneDrive)
• 165% for 2016 (SharePoint Online only)
• 152% for 2016 (SharePoint Online & OneDrive)
9/18/2016 23
New Governance Goals
• Providing more information to users to increase their
understanding of our policies
• Reinforce ownership at the site collection level
• Address compliance concerns about new functionality
9/18/2016 24
Governance Updates
• New issues to address
– External Sharing
– File synchronization
– SharePoint App Store
– Promoted sites on Sites page
– OneDrive automatic deletion
• Opportunity to address existing issues
– Site Owners don’t know what they “own”
• Many site collections versus many sub sites
9/18/2016 25
About This Site
• Everyone can view:
– Who the owners are
– Whether sensitive data can
be stored there
– A description of the site,
reinforcing its intended
purpose
– Whether external sharing or
SharePoint Designer are
enabled
– Link for owners to update info
9/18/2016 26
New Security Reports
• Goal is to increase accurate permissions
• External Sharing Report
– List all external users
– What address the invitation was sent to
– What email address accepted the invitation
• Permissions Report
– More easily identify people who should no longer have access
– Highlight problem areas – like too many full control users
• Active Directory Group Report
– If sensitive data is present, how do owners know who is in an AD
group?
9/18/2016 27
Permission Reports Review
Data Tier Classification
External Sharing
Enabled? Schedule
Tier 1 Yes Monthly
Tier 1 No Bi-monthly (every other month)
Tier 2 Yes Quarterly
Tier 2 No Six months
Tier 3 Yes Annually
Tier 3 No Annually
9/18/2016 28
File Synchronization
• Using OneDrive for Business client users can
synchronize the contents of any library to a non CHS
controlled device
• Compliance Issues:
– No requirement for local encryption
– No requirement that the data is remotely wiped when someone
is no longer with CHS
• Solution:
– Built a utility to disable file sync on each and every library in
SharePoint Online and OneDrive
9/18/2016 29
• Microsoft apologized at Microsoft Ignite (May 2015)
– Poor user experience (buggy) with OneDrive for Business Sync
Client
– Lack of compliance controls
• Released 2nd Half of 2015:
– PowerShell command to restrict sync client to work only with
computers joined to a domain
– OneDrive for Business Next Generation Sync Client
• Microsoft is combining all sync clients into one code base
(OneDrive, OneDrive for Business, Mac Client)
• Much better stability, recoverability, and selective sync
File Synchronization - UPDATE
Lesson Learned: Explorer View
• Attractive alternative to file sync (NOT REALLY)
• Only works with IE
• Users can seriously mess up their sites
• “I don’t need folder”
• Not changing work habits that are 20+ years old
9/18/2016 30
SharePoint Designer
• Added checkbox on site request form – owners can now
ask for Designer to be enabled
• Owners will be reminded:
– Designer can lead to site outages if not used correctly
– Any Full Control users can use Designer
– Support time may increase due to Designer issues taking longer
to troubleshoot (reverse engineer) and resolve
• CHS will still require standard branding
• Why allow it now?
– CHS has a pent up demand for business process automation
9/18/2016 31
Audit Logs
• CHS written utility will insure audit log configuration is
consistent across all site collections
• Reports will be surfaced to site owners so they can
review (along with permissions reports)
• CHS didn’t enable on all SharePoint 2010 sites due to
overhead – only enabled on sensitive site collections
• Overhead is now a Microsoft concern, so auditing will be
enabled
9/18/2016 32
One Last Thing
• Attempting to engage our users at a higher level
– Not just break/fix
– Let us help you take advantage of SharePoint
• Moving quick questions to eLearning
– reduce burden on help desk
• Improving eLearning
– Rebuilt site to improve usability
– Added Brainstorm videos
– Added tutorials to share longer answers to commonly asked
questions (some include Skype video recordings)
• Taking advantage of Yammer
– Q/A, Announcements, Tips
9/18/2016 33
9/18/2016 34
Blog: http://www.kellydjones.com
Twitter mentions are appreciated:
@kellydjones
Thank you!
Any Questions?

More Related Content

Viewers also liked

كل ما تحب معرفته عن محرك البحث قوقل (Google)
كل ما تحب معرفته عن محرك البحث قوقل (Google)كل ما تحب معرفته عن محرك البحث قوقل (Google)
كل ما تحب معرفته عن محرك البحث قوقل (Google)Bachir Benyammi
 
SplunkLive! Customer Presentation - Cequint
SplunkLive! Customer Presentation - CequintSplunkLive! Customer Presentation - Cequint
SplunkLive! Customer Presentation - CequintSplunk
 
Acto civico
Acto civicoActo civico
Acto civicobrisammm
 
Project leadership - we stand alone together (George Cameron) SCOT100915
Project leadership - we stand alone together (George Cameron) SCOT100915Project leadership - we stand alone together (George Cameron) SCOT100915
Project leadership - we stand alone together (George Cameron) SCOT100915Association for Project Management
 
A unique global sports project - the British and Irish lions (Guy Richardson)...
A unique global sports project - the British and Irish lions (Guy Richardson)...A unique global sports project - the British and Irish lions (Guy Richardson)...
A unique global sports project - the British and Irish lions (Guy Richardson)...Association for Project Management
 
Curso de pregação e estudo bíblico
Curso de pregação e estudo bíblicoCurso de pregação e estudo bíblico
Curso de pregação e estudo bíblicoAlberto Simonton
 
The 7 Habits of Highly Effective Product Managers - ProductCamp Vancouver 2015
The 7 Habits of Highly Effective Product Managers - ProductCamp Vancouver 2015The 7 Habits of Highly Effective Product Managers - ProductCamp Vancouver 2015
The 7 Habits of Highly Effective Product Managers - ProductCamp Vancouver 2015Preeti Nirwal
 

Viewers also liked (13)

كل ما تحب معرفته عن محرك البحث قوقل (Google)
كل ما تحب معرفته عن محرك البحث قوقل (Google)كل ما تحب معرفته عن محرك البحث قوقل (Google)
كل ما تحب معرفته عن محرك البحث قوقل (Google)
 
Directing Agile Change, 14th October 2015, London
Directing Agile Change, 14th October 2015, LondonDirecting Agile Change, 14th October 2015, London
Directing Agile Change, 14th October 2015, London
 
SplunkLive! Customer Presentation - Cequint
SplunkLive! Customer Presentation - CequintSplunkLive! Customer Presentation - Cequint
SplunkLive! Customer Presentation - Cequint
 
Aula 07 e 08 cânticos
Aula 07 e 08   cânticosAula 07 e 08   cânticos
Aula 07 e 08 cânticos
 
Acto civico
Acto civicoActo civico
Acto civico
 
Q mobile final pres
Q mobile final presQ mobile final pres
Q mobile final pres
 
Project leadership - we stand alone together (George Cameron) SCOT100915
Project leadership - we stand alone together (George Cameron) SCOT100915Project leadership - we stand alone together (George Cameron) SCOT100915
Project leadership - we stand alone together (George Cameron) SCOT100915
 
A unique global sports project - the British and Irish lions (Guy Richardson)...
A unique global sports project - the British and Irish lions (Guy Richardson)...A unique global sports project - the British and Irish lions (Guy Richardson)...
A unique global sports project - the British and Irish lions (Guy Richardson)...
 
Kanban vs Gantt (webinar)
Kanban vs Gantt (webinar)Kanban vs Gantt (webinar)
Kanban vs Gantt (webinar)
 
Curso de pregação e estudo bíblico
Curso de pregação e estudo bíblicoCurso de pregação e estudo bíblico
Curso de pregação e estudo bíblico
 
The 7 Habits of Highly Effective Product Managers - ProductCamp Vancouver 2015
The 7 Habits of Highly Effective Product Managers - ProductCamp Vancouver 2015The 7 Habits of Highly Effective Product Managers - ProductCamp Vancouver 2015
The 7 Habits of Highly Effective Product Managers - ProductCamp Vancouver 2015
 
Knowledge Management in 30 min
Knowledge Management in 30 minKnowledge Management in 30 min
Knowledge Management in 30 min
 
Infografia sainte chapelle
Infografia   sainte chapelleInfografia   sainte chapelle
Infografia sainte chapelle
 

More from Kelly Jones

How Atrium Health SharePoint Team Manages Office 365
How Atrium Health SharePoint Team Manages Office 365How Atrium Health SharePoint Team Manages Office 365
How Atrium Health SharePoint Team Manages Office 365Kelly Jones
 
How Atrium Health Implemented and Governs Office 365
How Atrium Health Implemented and Governs Office 365How Atrium Health Implemented and Governs Office 365
How Atrium Health Implemented and Governs Office 365Kelly Jones
 
How Atrium Health Implemented and Governs Office 365
How Atrium Health Implemented and Governs Office 365How Atrium Health Implemented and Governs Office 365
How Atrium Health Implemented and Governs Office 365Kelly Jones
 
How Carolinas HealthCare System Governs SharePoint
How Carolinas HealthCare System Governs SharePointHow Carolinas HealthCare System Governs SharePoint
How Carolinas HealthCare System Governs SharePointKelly Jones
 
Introduction to SharePoint Developer
Introduction to SharePoint DeveloperIntroduction to SharePoint Developer
Introduction to SharePoint DeveloperKelly Jones
 
Internet Explorer 8 for Admins
Internet Explorer 8 for AdminsInternet Explorer 8 for Admins
Internet Explorer 8 for AdminsKelly Jones
 

More from Kelly Jones (6)

How Atrium Health SharePoint Team Manages Office 365
How Atrium Health SharePoint Team Manages Office 365How Atrium Health SharePoint Team Manages Office 365
How Atrium Health SharePoint Team Manages Office 365
 
How Atrium Health Implemented and Governs Office 365
How Atrium Health Implemented and Governs Office 365How Atrium Health Implemented and Governs Office 365
How Atrium Health Implemented and Governs Office 365
 
How Atrium Health Implemented and Governs Office 365
How Atrium Health Implemented and Governs Office 365How Atrium Health Implemented and Governs Office 365
How Atrium Health Implemented and Governs Office 365
 
How Carolinas HealthCare System Governs SharePoint
How Carolinas HealthCare System Governs SharePointHow Carolinas HealthCare System Governs SharePoint
How Carolinas HealthCare System Governs SharePoint
 
Introduction to SharePoint Developer
Introduction to SharePoint DeveloperIntroduction to SharePoint Developer
Introduction to SharePoint Developer
 
Internet Explorer 8 for Admins
Internet Explorer 8 for AdminsInternet Explorer 8 for Admins
Internet Explorer 8 for Admins
 

Recently uploaded

Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 

Recently uploaded (20)

Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 

How Carolinas HealthCare System Governs SharePoint

  • 1. Notes from the field How Carolinas HealthCare System Governs SharePoint September 2016
  • 5. 9/18/2016 5 Who am I? • Kelly D. Jones – Carolinas HealthCare System • SharePoint Architect & SP Team Manager – 18+ years industry experience; 10+ SharePoint • My blog: http://www.KellyDJones.com • Twitter: @KellyDJones
  • 6. 9/18/2016 6 Agenda • Why this presentation? • What is Carolinas HealthCare System? • The CHS SharePoint governance story – Where we started – Where we are – Where we’re going
  • 7. 9/18/2016 7 Why this presentation? • Introductions to governance tend to focus on theory: – Governance is the set of policies, roles, responsibilities, and processes that control how an organization's business divisions and IT teams work together to achieve its goals. – MS Technet • Need for real world examples of governance• Need for real world examples of taming the wild west – Why was governance introduced? – How was governance implemented? – What problems did governance solve? • Is the way we govern the best? Is it all directly applicable to you? – Probably not. Pick and choose what makes sense.
  • 8. 9/18/2016 8 What is CHS? Carolinas HealthCare System (http://www.carolinashealthcare.org)
  • 9. 9/18/2016 9 CHS – Where we started (2011) So what massive SharePoint farm was supporting CHS? • Number of servers in farm: • Version of SharePoint: • 70+: • 2000+ One. (SharePoint + SQL Server) WSS 3.0 (“free” version of SharePoint 2007) Web applications. 1 site collection had 330+ top level sub sites Sub sites in 70+ site collections
  • 10. 9/18/2016 10 CHS – Where we started (2011) cont. • SharePoint 2010 was set up as a POC – 1 SharePoint 2010 server – 2 SQL Server 2008 servers in a cluster • Consulting firm was engaged: – Migrate WSS to SP2010 – Estimated to take six weeks That’s me.
  • 11. 9/18/2016 11 Migrating to 2010 – Backing into governance • How many sites do we have? • What functionality is in use? • What customizations have been done? • Who do we talk to about this site? Who’s the owner?
  • 12. 9/18/2016 12 Step 1. Take an inventory • Created a list of all web applications, site collections, sub sites, solutions • Sub sites – Site owners – Size: amount of data, number of lists, number of documents – Templates used – Is anonymous enabled? • Web applications – DNS address – User policies • Site collections – Address – Site Collection Admins – Size
  • 13. 9/18/2016 13 Step 2. Store that inventory • Output of PowerShell can be XML or CSV • Store them in Excel or SharePoint List? – We manually imported them from Excel into an SP List – Our PowerShell eventually could populate the list directly
  • 14. 9/18/2016 14 Step 3. Analyze data: What we found? • Fab 40 site templates • Lots of sites with “test” as part of title or URL • Sites with anonymous access • Sites storing sensitive data • One site collection with – 330+ top level sub sites – 2,000+ total sub sites – 2,000+ SharePoint groups • Users built Word documents that were simply a list of links to documents stored in the same SP library (views?) • 98% of the usage was a glorified file share
  • 15. 9/18/2016 15 Step 4. Technical Enforcement • Limited site collection administrators to the central SharePoint team – Gained control of SharePoint Designer options (and disabled it) – Gained control of SC features – Gained control of branding – Gained control of auditing settings – Gained control of sandbox solutions • Set quotas on site collections – Improved database management – Improved stability – no more SQL running out of room and bringing farm to a halt
  • 16. 9/18/2016 16 Step 5. Owner Policy Changes • Defined site owners for site collections, not subsites – Many options/decisions are at the site collection level • Auditing • Allowing sensitive data or not – Instantly reduced number of owners from thousands to hundreds • Identify site owners – Found owners by looking in the “Owners” group of the root site within a site collection (aka: tag  you’re it!) • Categorized owners – Data Owners – Primary Site Owner – Secondary Site Owner
  • 17. 9/18/2016 17 Step 6. Site Management List • Turned list of site collections into the “Site Management List” • Track status of site – new, renewed, read only, archived, deleted • New Site Request and Site Update Forms allows owners to: – Submit names of new owners – Set the data classification (sensitive or not) – Can state site no longer needed • Renewal process – Require owners to update their site info annually
  • 18. 9/18/2016 18 Step 7. Information Architecture Changes • Split up large site collection – Turned each of the 300 into separate site collections • Consolidated from 70+ to 1 web application – Eliminated vanity URLs • Simplified communications about SharePoint • Eliminated issues with DNS changes – Technical issues with that many web apps – Microsoft recommends no more than 10 per farm – Microsoft suggests that if you need more than 2-4, you’re doing it wrong
  • 19. 9/18/2016 19 Step 8. Standard Branding • Reinforce CHS brand to all teammates (meeting marketing goals) • Reminds users this is a CHS property • Eliminates garish color schemes – Reduces non productive time spent by owners (we hope they focus on their content and not the color scheme for the site) • Added “alert” functionality – SP team can make a message appear on any site with different colors – Great way to notify about outages or upcoming site moves Lesson Learned: Branding should be as “lite” touch as possible. • Think through how you will deploy changes to all site collections. • Test your branding with all site templates. • Be ready with an alternative if the branding breaks a particular site.
  • 20. 9/18/2016 20 Migrations, Migrations, Migrations! • Upgrade from WSS 3.0 to SharePoint 2010 – November 2011 until July 2012 (SP2010 Transition farm) • 3 SP2010 servers + 2 node SQL cluster – July 2012 until July 2013 (SP2010 Production farm) • 8 SP2010 servers + 2 FAST + 3 SQL (2 node cluster + AlwaysOn) • SharePoint 2010 to SharePoint Online – CHS decided to go 100% to SharePoint Online in June 2013 • Goal is to be migrated by: 12/2013; 3/2014; 7/2014; 10/2015 – Actual migration of sites: January 2015 through June 2016 – Currently decommissioning SharePoint 2010 on premise
  • 21. 9/18/2016 22 Current Environment: Office 365 • Office 365 – CHS decided to go 100% to SharePoint Online in June 2013 – 40k users licensed with E3 plan • Exchange, SharePoint, OneDrive, Yammer (Skype is on prem) • SharePoint Online – 725 Production Site Collections – 2.9TB SharePoint; 3.7TB OneDrive – Data Storage Growth • 20% from 2011 until 2014 (WSS 3.0 & SP2010) • 100% for 2014 (SP2010 & SharePoint Online) • 30% for 2015 (SharePoint Online only) • 260% for 2015 (SharePoint Online & OneDrive) • 165% for 2016 (SharePoint Online only) • 152% for 2016 (SharePoint Online & OneDrive)
  • 22. 9/18/2016 23 New Governance Goals • Providing more information to users to increase their understanding of our policies • Reinforce ownership at the site collection level • Address compliance concerns about new functionality
  • 23. 9/18/2016 24 Governance Updates • New issues to address – External Sharing – File synchronization – SharePoint App Store – Promoted sites on Sites page – OneDrive automatic deletion • Opportunity to address existing issues – Site Owners don’t know what they “own” • Many site collections versus many sub sites
  • 24. 9/18/2016 25 About This Site • Everyone can view: – Who the owners are – Whether sensitive data can be stored there – A description of the site, reinforcing its intended purpose – Whether external sharing or SharePoint Designer are enabled – Link for owners to update info
  • 25. 9/18/2016 26 New Security Reports • Goal is to increase accurate permissions • External Sharing Report – List all external users – What address the invitation was sent to – What email address accepted the invitation • Permissions Report – More easily identify people who should no longer have access – Highlight problem areas – like too many full control users • Active Directory Group Report – If sensitive data is present, how do owners know who is in an AD group?
  • 26. 9/18/2016 27 Permission Reports Review Data Tier Classification External Sharing Enabled? Schedule Tier 1 Yes Monthly Tier 1 No Bi-monthly (every other month) Tier 2 Yes Quarterly Tier 2 No Six months Tier 3 Yes Annually Tier 3 No Annually
  • 27. 9/18/2016 28 File Synchronization • Using OneDrive for Business client users can synchronize the contents of any library to a non CHS controlled device • Compliance Issues: – No requirement for local encryption – No requirement that the data is remotely wiped when someone is no longer with CHS • Solution: – Built a utility to disable file sync on each and every library in SharePoint Online and OneDrive
  • 28. 9/18/2016 29 • Microsoft apologized at Microsoft Ignite (May 2015) – Poor user experience (buggy) with OneDrive for Business Sync Client – Lack of compliance controls • Released 2nd Half of 2015: – PowerShell command to restrict sync client to work only with computers joined to a domain – OneDrive for Business Next Generation Sync Client • Microsoft is combining all sync clients into one code base (OneDrive, OneDrive for Business, Mac Client) • Much better stability, recoverability, and selective sync File Synchronization - UPDATE Lesson Learned: Explorer View • Attractive alternative to file sync (NOT REALLY) • Only works with IE • Users can seriously mess up their sites • “I don’t need folder” • Not changing work habits that are 20+ years old
  • 29. 9/18/2016 30 SharePoint Designer • Added checkbox on site request form – owners can now ask for Designer to be enabled • Owners will be reminded: – Designer can lead to site outages if not used correctly – Any Full Control users can use Designer – Support time may increase due to Designer issues taking longer to troubleshoot (reverse engineer) and resolve • CHS will still require standard branding • Why allow it now? – CHS has a pent up demand for business process automation
  • 30. 9/18/2016 31 Audit Logs • CHS written utility will insure audit log configuration is consistent across all site collections • Reports will be surfaced to site owners so they can review (along with permissions reports) • CHS didn’t enable on all SharePoint 2010 sites due to overhead – only enabled on sensitive site collections • Overhead is now a Microsoft concern, so auditing will be enabled
  • 31. 9/18/2016 32 One Last Thing • Attempting to engage our users at a higher level – Not just break/fix – Let us help you take advantage of SharePoint • Moving quick questions to eLearning – reduce burden on help desk • Improving eLearning – Rebuilt site to improve usability – Added Brainstorm videos – Added tutorials to share longer answers to commonly asked questions (some include Skype video recordings) • Taking advantage of Yammer – Q/A, Announcements, Tips
  • 33. 9/18/2016 34 Blog: http://www.kellydjones.com Twitter mentions are appreciated: @kellydjones Thank you! Any Questions?