Two categories of administration
Installation and configuration decisions
THE first chapter of this book gave you a quick review of Microsoft SharePoint 2013. This second chapter begins the introduction to more advanced SharePoint terms and concepts that will help you through the remaining chapters of the book. SharePoint is a server product. As an advanced information worker, you might mostly interact with the front end of the product by adding documents and list items, but you are also a key part of the SharePoint team at your organization. This chapter introduces you to some parts of SharePoint that you may not usually come across in your day-to-day job. However, by getting an overview of how SharePoint is structured and secured, you will gain a better understanding of the product as a whole. In addition to helping you discuss SharePoint on a more level playing field with developers and IT professionals, the administration basics that you learn here will help you with planning and using SharePoint.
Administration of SharePoint 2013 can be broken down into two categories: business user administration and IT professional administration.
If you are a typical person who works in the business user administration category:
Your main job is not technical computer work.
You create and modify sites, libraries, and lists.
You might also be responsible for the site content. For example, you might upload documents to libraries for others to download.
The majority of this book includes information targeted to the advanced business user who might perform some of this type of administration. This chapter will give you the tools to set up your SharePoint sites that are serviced on the back end, either by your organization’s IT group, an external hosting company, or both.
If you are a typical person who works in the IT professional administration category:
You work in a room surrounded by the server’s network hardware.
You install and configure SharePoint on a server.
You create web applications and site collections for business users to administer.
The IT professional at an organization with SharePoint is often an advanced user of SharePoint as well. Although this chapter is not intended to describe the step-by-step processes to implement back-end changes for Microsoft SharePoint Server 2013, an IT professional can benefit from this chapter by learning the business perspective of the same changes.
Why administration matters: One search example
Have you ever searched a website and been disappointed by the results? Maybe your search for “coffee” on your favorite shop’s website returned no results, as in the following image. What would you do next? With the amount of websites available to choose from today, you’re probably heading over to your second favorite shop’s website or a search of the Internet. You’re less likely to continue on that website when your search comes up with no results. Not only that, but you are less likely to return to it in the future.
Now, think about the sites for which you have some responsibility in your organization’s world of SharePoint. Do you want visitors to your sites staying for more and returning the next time they want to find something you’ve got there? Of course you do, or you wouldn’t have created the site or accepted some responsibility for it in the first place. With your name on the site, you want to make every visit to it rewarding and enjoyable. Understanding administration will help avoid bad experiences like this search example. Ownership of a site in SharePoint doesn’t make you an IT professional. You might not be the one pushing the buttons on the computers that host the site, but what that person does affects how your site is perceived. You need every visitor to come away with the information they came for (especially if that visitor is you).
You might not be the one installing and configuring SharePoint. However, if you expect SharePoint to become an important tool in your work life, you will want to be a part of the planning process that should come before the installation and configuration.
During installation and configuration of SharePoint, important choices are being made that, in part, determine your user experience. For the health and performance of your SharePoint sites, it’s always better that the installation and configuration follows a preset plan that takes into account the needs of you and others in the business community at your organization. Depending on who is responsible for the back-end administrative tasks, you might have the opportunity to tailor the installation and configuration to your exact needs or choose a hosting provider whose terms match your needs.
To get the most out of your effort—both for you and for those with whom you plan to share web content via SharePoint—read this chapter and perform the planning steps before installation. If SharePoint is already installed and configured, many of the decisions have been made. Understanding the effect of this configuration on the pieces you care about will help you decide if you need to make a change.
Knowing who is responsible for your installation is important so that you know whom to go to when you need a change. This responsible party is called your service provider. The location of your installation is called your host. Because your host might not be physically close to you, you depend on your service provider to keep the installation running and make changes.
SharePoint installations normally fall into one of two models: on-premises or hosted.
If IT staff in your company is comfortable installing, configuring, and maintaining a computer server, you might decide on an on-premises installation. In such a situation, the computers running SharePoint 2013 are located within your business or maintained at an off-site data center.
On-premises installs are typically how the majority of SharePoint sites have been implemented. When set up with great in-house IT support and dedicated resources, SharePoint has proven to be a reliable and worthwhile addition to the server rooms of many organizations.
A hosted SharePoint server is an opportunity to both get started quickly and have a website that is highly available for those who depend on it. If SharePoint isn’t running on computers at your business location, you can take advantage of a growing number of online service offerings.
Microsoft introduced the Microsoft Office 365 service with SharePoint Online powered by SharePoint 2010, and Office 365 has recently been updated to SharePoint 2013. For a low fee per user per month, you can use servers at a Microsoft data center to host your collaboration site on a SharePoint installation that Microsoft engineers will maintain for you. SharePoint’s ability to support many different organizations on one SharePoint farm is supported by a feature set added in SharePoint 2010 called multi-tenancy. Multi-tenancy features have been improved in SharePoint 2013 and benefit from what was learned by deploying and maintaining SharePoint Online.
Note
To learn more about Office 365, go to office365.microsoft.com.
The designers of SharePoint 2013 specifically had this “hosted SharePoint” design in mind to allow more people access to SharePoint without the need for dedicated in-house IT support staff and the specialized skills required to install and configure SharePoint.
Note
SharePoint 2013 introduces new, distributed development options referred to as the app model. The app model helps remove some of the bottlenecks that may have prevented SharePoint enhancements on shared servers in past versions of the product.
Chapter 23 covers extending SharePoint. You can also read more about the new cloud app model and programming with web standards on Microsoft’s MSDN website at msdn.microsoft.com/en-us/library/jj163091(v=office.15).aspx.
Figure 2-1 summarizes the key strategic considerations when choosing on-premises versus hosted SharePoint.
Have you ever thought about the way a SharePoint site is built? In this section, key structural pieces of a SharePoint installation will be explained. SharePoint sites often grow organically—the “Comparing a SharePoint web application to a tree” section will introduce you to the basic building blocks of a SharePoint installation’s structure. Table 2-1 lists the nine main SharePoint structural elements of interest.
Table 2-1. The nine main SharePoint structural elements
Structure element | Definition |
Farm | The term farm is used in two main ways. The farm can be considered to be the physical computers and the software required to be running on them to host SharePoint. In addition, each farm’s settings are held in a unique configuration database stored on a Microsoft SQL Server instance. |
Service application | A service application runs within a farm to provide capability to the sites hosted on it or another farm. |
Content database | The majority of the information added to a SharePoint site is stored in a content database. |
Web application | A SharePoint site is accessed through a web application that provides the address and authentication settings, among other configuration properties. A web application must have a corresponding website in Internet Information Services (IIS). |
One or more sites are grouped together into a site collection. Sites are organized hierarchically in site collections, and some configuration settings and administrative actions applied to site collections affect every site in the group. | |
Site | A site is a logical grouping of content within SharePoint. Each site collection has a root site, which is the main point of entry. |
Document library | Document libraries are historically the most used element of a SharePoint site. Library settings control visibility and content types among other critical configurations. |
List | The majority of all content in a SharePoint site is held in a list. Sites have many lists of many types. Even a document library is a list, but a specialized kind of list with tools designed to work best with documents. |
Webpage | Since SharePoint 2010, webpages have taken on new importance for SharePoint sites. Every webpage in SharePoint 2013 has rich-text editing capability. Each webpage that you create from the browser is stored in a document library. |
Think of a web application as a tree. Each trunk is a site collection, with the first site collection in the web application coming from the same set of roots as the other trunks. The branches are like sites branching off the site collections and the leaves are list items and documents.
Some web applications are like a pomegranate tree, which can have more than one trunk in the same tree. SharePoint Server 2013 has a good example of this type of tree in the web application configured to be the My Site Host. Each individual’s My Site is itself a site collection; in an organization with 80,000 users, you may end up with 80,000 site collections sprouting out of the same web application root base.
The base address of the My Site Host, my.litware.com, for example, redirects to the current authenticated user’s personal site collection, which is located at an address relative the base address—for example, my.litware.com/personal/<username>. In this example, you could browse to any other My Site public profile by entering my.litware.com/personal/ followed by the other user’s name (if you know it).
As another example of a SharePoint implementation, consider a public website for a multinational organization. Such a website might have separate site collections for each of the many regional groups within the organization. There may be one main web address, and a corresponding SharePoint web application, associated with multiple site collections. Picture the SharePoint components of such a public website as a tree with many trunks and even more main branches. Figure 2-2 illustrates how the web addresses of such a site might map to the tree picture.
On the other hand, many web applications look more like a pecan tree. One trunk, the site collection, has a few thick, strong branches off it, supporting other branches and lots of leaves (not to mention tasty nuts in the fall). Figure 2-3 illustrates how the web addresses of this type of site might map to a single-trunk tree.
A classic intranet publishing portal matches this version of the metaphor: portal.contoso.com is the address of the web application and the first site of the site collection. The entry page for this web application is at the address portal.contoso.com/pages/welcome.aspx. Human Resources might have a main trunk site at portal.contoso.com/hr/. Benefits information might be stored in a leaf document library at portal.contoso.com/Locations/Lists/Benefits/. The webpage about medical benefits might be at portal.contoso.com/Locations/Lists/Benefits/Medical.aspx, with a link to the provider’s benefit statement at portal.contoso.com/Locations/Lists/Benefits/ProviderStatement.pdf.
INSIDE OUT: Host-named site collections
An improved feature of SharePoint 2013 allows more flexibility in SharePoint site address choices. A host-named site collection can use a shorter URL for its address. It’s different from a path-based site collection, which appends the site collection part of the address after the domain name in the URL. For example, in www.contoso.com/partners, “partners” is the site collection identifier. A host-named site collection includes the site collection identifier before the host name, such as partners.contoso.com. Shorter addresses are easier to type and remember.
The details of the changes that allow this new flexibility may not interest you, but the impact of the changes may affect your site architecture. For example, Microsoft’s recommended design for an Enterprise Corporate Portal has been updated to reflect the suggested use of host-named rather than path-based site collections.
For example, the part of the Corporate Portal design for the fictional organization Fabrikam shown in the next graphic represents the intranet site collection. Using path-based site collections, the address might be portal.fabrikam.com/intranet. The address would become even longer for other sites in the collection (such as portal.fabrikam.com/intranet/purchasing).
Web application: Fabrikam Sites
An alternative to host-named site collections is moving toward more web-based applications. For example, a separate web application for the intranet part of the portal could retain the intranet.fabrikam.com address. The downside to this approach is the requirement for extra resources in the farm, and ultimately a higher cost of equipment.
The SharePoint farm is the set of servers hosting all of the sites and support they need. A farm can have as few as one server, which would host the entire infrastructure needed for a small organization.
SharePoint is very scalable. A farm supporting higher user demand benefits from a larger amount of server resources. To carry on the tree metaphor, a high-demand farm can be pictured like a nut orchard providing benefits of its fruit to large amounts of people.
Some service applications provided to the SharePoint farm are similar to the water and fertilizer that are applied to a literal orchard. Other service applications are applied with more discretion, similar to spraying insecticide at the site of an infestation. Business Data Connectivity (BDC) is an example of a SharePoint service that can be applied across all the web applications and the content in their site collections. A SharePoint user can configure a connection to a business data source, such as Microsoft customer relationship management (CRM) software, once and provide that data to all the web applications in a farm. In the preceding examples, a workflow that begins when a new client is added in CRM might add a task list item to an external list. Because BDC is a shared service, you can use the data that it provides on a user’s My Site or in a department’s team site from the same BDC source.
The database is important in planning any implementation of SharePoint. You might or might not know about the relationship between SharePoint and the database. The designers of SharePoint chose to employ the power of the entire Microsoft platform stack. One place where mature technology was exploited is the storage of items added to or created in SharePoint. By taking advantage of the efficient, secure, and reliable platform provided by SQL Server, all those benefits are passed on to the users and administrators of SharePoint sites.
All of the content in a SharePoint 2013 farm is stored in one or more databases on one or more servers running SQL Server. When SharePoint use really takes off in a large organization, it is important to understand the relationship between the items discussed earlier and a content database.
The relationship of the content database to the web application and site collection is explained as follows: one content database holds content from one or more site collections of one web application. In the example web applications presented earlier, at least two content databases would be required to hold the two web applications for the My Sites and the intranet. Further, the contents of a single site collection must be stored together in the same database; however, one content database can hold the content of multiple site collections. A web application can spread out the storage of multiple site collections across multiple content databases.
The tree metaphor is helpful in picturing administrative concepts of SharePoint. Visualizing the structure of your SharePoint environment can be helpful in decisions about content upload, creation of webpages, and new site creation. You will be well on your way toward understanding the structure if you can keep in mind the relationship between the first five main structural elements described previously. The farm, web application, service application, content database, and site collection are critical concepts for the intermediate to advanced user of SharePoint who wants to speak to IT professionals about the supporting structures of her SharePoint site or sites.
Of all the SharePoint structural concepts introduced so far, the content database might be the most important one to understand toward achieving a successful SharePoint implementation. If the users in your organization begin to depend on SharePoint for hosting all of their critical files, lists, and webpages, the amount of storage used can grow dramatically. You can take your understanding of the tree metaphor, add your understanding of content databases, and apply it to an example where quick storage growth becomes a challenge for performance and stability of the SharePoint implementation. You will also be able to see how the same elements can explain the solution.
Let’s go back to the intranet portal example and assume that the entire organizational structure was represented in the site structure, such as the Human Resources department. A common business structure might have sites for Sales, Marketing, and Operations. Teams under those groups might also receive sites below their parent group site. As more and more sites are created, with more and more members of the organization creating and uploading documents, pictures, list items, and webpages, the one content database for this one tree in the orchard is storing all the content.
This implementation is a classic example of three issues common in unsuccessful SharePoint implementations: 1) disorganization of information, 2) delays backing up and restoring the content, and 3) deteriorating performance of the entire web application. All these issues occur gradually over time, so a great approach is to be aware and monitor growth and change in order to plan for reorganization or new hardware purchases ahead of time.
Let us first consider the case of backing up and restoring the content of your intranet in this example. A successful SharePoint implementation with a SharePoint structure like this can result in a database measured in terabytes of storage space. If you’ve ever tried to back up a 200-GB hard disk, you understand the amount of time required to save your important information.
The amount of time it takes to back up data is affected by two critical restore parameters. The first is how often data can be backed up; if it takes eight hours to back up the content database and you run only one backup at a time, your SharePoint content will be safely backed up only once during a business day. For certain tasks at some organizations, it is acceptable to lose a day’s worth of information; for others, losing even a minute of information could be trouble.
The second restore parameter affected by large content databases is the amount of time it takes to restore. Again, it is up to the task and the organization to determine how long is too long. However, in some situations, waiting a day for SharePoint to be restored after a disaster or an unexpected failure is just too long.
Next, let’s consider the case of disorganization of information. This one is probably not hard to imagine if you’ve been using a computer for many years and you’ve ever lost a file on your hard disk or a file share. Over time, file storage tends to become filled with documents that are rarely accessed and out of date. The same can happen to any kind of content in a SharePoint site. Remember that a SharePoint site is intended to be dynamic; therefore, you need to plan accordingly. Identify the areas that are important to the users of your site. Plan to repeatedly highlight timely, relevant information. Collect feedback from your users on organization and usefulness to ensure that your growing site meets not just your needs, but the needs of your collaborators as well.
The best-case scenario for your organization is to plan ahead of time and accommodate growth where anticipated. SharePoint sites intended for team collaboration and document sharing tend to grow in database size over time. Document sharing sites are popular, but they can often be isolated into site collections by audience. Site collections are natural security and audience boundaries. Interaction within a legal team, for example, deserves this type of isolation for the sensitivity of the information alone. However, other teams can also follow the model, whereby internally important information is contributed to one site collection and more generally interesting information is uploaded to a shared portal. Again, if we look to the SharePoint Product Team’s example of building out My Sites in SharePoint Server, we see this model in its extreme. A My Site gives a user a place to upload content and control access in his own site collection. If the team designing SharePoint puts that architecture forward as a model, you can feel safe in assigning small- to medium-sized project teams similar workspaces that they can control.
Creating site collections for unique audiences reduces the amount of content in each site collection. The added benefit beyond security is added mobility of the content within the content database. Individual site collections can be moved between content databases with more flexibility than sites or lists. Also, storage size quotas can be placed on site collections, but not sites or lists. If the size of a content database becomes an operational issue, the ability to move content to reduce the size of existing databases becomes a big benefit.
If you find yourself in the situation where too much content has been added too quickly, there is good news. Others have been through this before, and strategies have been developed to overcome all three of these issues related to the inevitable growth in a successful SharePoint implementation. For example, if you find that you want to reduce your backup or restore period time, there are two possible paths. Starting with IT professional analysis, identify if the current read or write speed for your content database storage, your backup storage, or the network in between can be increased by purchase of new hardware or optimization of the current hardware.
At the same time, use your understanding of the SharePoint structure to look at how you might reorganize your sites to meet your goals. If all your sites are currently held in one site collection and subsequently one content database, you have an opportunity to create a new site collection, in a new content database where existing sites can be moved. However, moving is always stressful and sometimes items become lost in the move. Professional tools and consultants will help you move more quickly with less loss, but there is always a cost associated with that kind of help. The best strategy is to be proactive and move early. If you identify the level of service you need from SharePoint and you can estimate when potential support milestones will be hit, you can build a roadmap for potential changes ahead.
The amount of time that a backup or restore takes to complete is a common service-level requirement for electronic information. When you use the site collection as a mobile unit of SharePoint content, you can arrange your content databases to accomplish your service-level requirements. In a common method of backup, the content database is the container that is backed up or restored. Moving your most critical site collections to a new content database will allow your IT professionals to back up and restore those sites more quickly. If you consider this type of reorganization, keep in mind that you can host multiple site collections under one web application. In that way, you can maintain one base web address for multiple site collections and reduce the backup and restore time of your most critical information.
Search is one of the most powerful pieces of functionality that Microsoft has provided with the SharePoint product. Think about how often you use search on the Internet. Is a web search engine one of the most frequently accessed websites in your browser? If you are taking advantage of the large amount of information available on the web through search, you probably don’t have to stretch your imagination too much to see how search can benefit you in SharePoint as well. A great SharePoint search experience can help you tap into the information you and your colleagues create on computers about and for your organization.
Using a well-configured SharePoint Search against your own webpages and files, your results will be more refined and specific to the needs of your organization. If the material is there, you should expect to find customer service guidelines, training materials, or experiences that relate specifically to your product and customer. Understanding SharePoint Search better will help you maximize the benefit of Search against the information that your organization has captured electronically.
Note
Chapter 18 and Chapter 19 cover search in depth and offer suggestions for the best use of this improved tool.
SharePoint offers secure, web-based collaboration that is easy to set up. Security options are pervasive throughout the product. You’ll find information about security’s role in different contexts in various chapters of this book. The focus of this section, as well as the rest of the chapter, is on security options in the product that are often hidden from you as an advanced business user. Whether you are preparing for a new SharePoint installation, making configuration changes, or you just want to learn more about security, pay close attention to the rest of this section.
Note
Microsoft SharePoint Foundation 2013 is a separate product that also serves as the infrastructure for SharePoint Server 2013. This book focuses on SharePoint Server 2013, and the differences between the two products are not normally described. However, security is a fairly stable feature set across the two products. Most of what applies to security as described here for SharePoint Server 2013 also applies to SharePoint Foundation 2013.
Regardless of the secure application, two important security principles to understand are authentication and authorization. Authentication is the method of identifying the current user of the application. Authorization is the access the user has within the application. Together, these two concepts provide a means for securing your SharePoint sites.
Most important authentication settings are configured by IT at the web-application level. An example of the effect of these settings is when and how you are prompted for logon information to a SharePoint site. Your business needs determine how the web application should be configured for authentication.
On the other hand, authorization settings are pervasive throughout the product. In fact, the number of places and ways that SharePoint can be configured for access has increased over previous versions of the product. For example, Microsoft responded to customers’ needs to limit the access IT professionals have to content and settings that only business users need to see or set. User policy for web application zones can override the permissions that a site collection owner will set, and this can cause confusion. If you question this level of security for your site or site collection, be sure to discuss this with your site host to guarantee that the proper safeguards are in place. Another similar change that can be made is in auditing. SharePoint provides auditing of item and page views, updates, and deletes, but it is not configured by default.
The five most common authentication types are outlined in this section. Each of these authentication types play a part in the secure web scenarios presented in the next section. Of the five, the classic Windows authentication has been most common in past SharePoint deployments, and it is the type that SharePoint has supported most completely over the course of the product’s history. In contrast, claims-based authentication was newly introduced in the 2010 versions of the product to broaden the scope of authentication approaches used for SharePoint sites. For example, you can use claims-based authentication to allow Windows Live ID accounts to authenticate against your SharePoint site. In SharePoint Server 2013, claims-based authentication has been improved on the back end and promoted to the default choice for administrators creating new sites.
Classic Windows integrated authentication is no longer the default option when your IT administrator is creating a new web application. It won’t be commonly in use for new web applications, but it is an important consideration for migrations from older versions of SharePoint. (Upgrades and migrations are covered in the “Upgrades and migrations” section later in this chapter.)
Claims-based authentication was new for SharePoint 2010, but it takes a more important role in SharePoint 2013. All web applications created in SharePoint 2013 through Central Administration will use claims authentication. Upgrades from SharePoint 2010 can also use this setting, but if customizations are being upgraded, they might need code changes to work with the new security model.
Forms-based authentication can only be enabled with claims in SharePoint 2013. This type of authentication is popular in extranet scenarios because it doesn’t require an Active Directory account for each authenticated user. However, you might find that certain features don’t work as well with this setup. Particularly challenging is Office integration without the latest versions of the Office clients.
Claims-based without Windows authentication was also introduced with SharePoint 2010. This new authentication method was much different than anything available in the previous version of the product. For SharePoint 2013, claims-based without Windows authentication remains an important part of many deployments. This authentication method allows some advanced scenarios but also requires more complexity on the back end. If you require claims-based authentication without Windows integration, keep in mind that this is a new technology, and it might take some time for the administration best practices to be established. If you need to integrate with some external types of identification systems, like Windows Live authentication, claims-based authentication is the answer.
Anonymous access is most commonly used with publishing sites that are public facing, but might also make sense within a large organization where many readers access the site, but only a few content authors publish information. Anonymous access can be used in combination with the previous four authentication types on one web application. Be sure to provide your content publishers with a way to log on through a link published on your intranet or on the page in the public site. In addition to the IT settings for the web application, ensure that you enable your site for anonymous access in the permissions settings of your site collection settings.
Note
You can read more about authentication methods and modes on the TechNet website at technet.microsoft.com/en-us/library/cc262350(v=office.15).aspx.
There are three common scenarios for web application security needs:
Public websites available for anyone on the Internet to read
Secured intranets for use only by users of one organization
Secured extranets for access by visitors across more than one organization
In the first scenario, your web application might be configured by IT for both anonymous access, for readers, and authenticated access of any type, for content authors. If your business needs demand extra security through separation of authoring from reading environments, you would need two separate web applications—possibly in different SharePoint farms—and you would need a method to copy the content between the two.
Secured intranets are probably the most common use of SharePoint technologies over all versions of the product. Windows integrated authentication is a great choice for this scenario because it provides a great user experience. When all the users of a SharePoint installation are members of the Active Directory domain, you can avoid logon prompts in many scenarios. Also, a secured intranet environment is most likely to benefit from the maturity of the Office client integration with SharePoint when combined with Windows integrated authentication. The other types of authentication will also work in this scenario, but they do increase the complexity of the configuration for the SharePoint farm’s host IT staff.
Secured extranets are a special case because they often involve collaboration between members of more than one organization. This scenario, in particular, is a great example for the use of claims-based authentication and how it might be of the most use to you.
The implementation of claims in SharePoint uses open standards. The use of open standards for authentication allows integration with a wide and growing amount of identification systems. So, when you use claims to authenticate your SharePoint web application, you might be able to allow more users from outside organizations with greater ease.
As mentioned earlier, forms-based authentication has historically been a popular option for extranets because it provides the option to use an account database to store user account information (instead of Active Directory). Whether you use forms-based authentication with Active Directory or another user directory, you might want to invest in a firewall such as Microsoft Unified Access Gateway (UAG) 2010. UAG integrates well with SharePoint and provides an extra layer of protection beyond the security provided through SharePoint and Windows Server.
SharePoint Server 2013 includes other security features that are configured outside the site collection that you might want to take advantage of. Each of the following features has settings that must be configured by the farm administrator at the web-application level. Configuring each can have a significant effect on all the site collections in a web application.
In some cases, you might need more than one method of authentication for your SharePoint sites. The previous section described the authentication options that are available for your web application. Public websites can allow anonymous authentication and another method, but other combinations require some additional changes.
For example, you might want multiple forms of authentication for an extranet. You might use forms-based authentication for extranet users outside your organization so that you don’t need to add them to your internal directory. You also might use your existing Active Directory to provide identification for your internal users so that they don’t have to learn a new password.
In this case, you would like your IT staff to extend the web application to include an additional authentication method at a new web address. In this way, you effectively have two doors into your SharePoint house. One is locked with Active Directory, the other with a database of external user names and passwords.
In the previous section, authentication is described as the way of identifying the person who has logged on to your SharePoint site; authorization defines what SharePoint resources the identified person is allowed to access. You can read about controlling permissions for site collections, sites, lists, libraries, and individual content items later in this book.
The User Policy setting is an important authorization setting that affects authorization on your sites; configuration of this setting is left up to the IT staff supporting your SharePoint web application. The User Policy setting defines global authorization rights to a user for all the site collections in a web application.
Note
Ask for your IT staff to communicate changes made to this setting. Changes aren’t visible to site or site-collection administrators, and the user policy changes override the authorization set by sites and site-collection administrators. There are some valid reasons for user policy changes, but understanding SharePoint security is crucial to getting the best value out of your SharePoint sites. You can put yourself in the driver’s seat of your site collection by requesting information such as this from your operational staff, if it is not already clearly documented in the support policy or service level agreements.
An IT professional can enable Self-Service Site Creation on each web application individually. This will give the specified users permission to create new site collections in a web application. Did you notice the disconnect between the last two sentences? The former uses the word site and the latter the words site collection. The former is the wording used in Central Administration, but it would be clearer if it used the words site collection in the place of the word site.
There is a big difference between creating a site collection and a site. Acting as a site administrator, you control the permission of users to create new sites as child sites or subsites to yours; however, those sites are all contained within one collection of sites. On the other hand, allowing creation of site collections can be useful as well. Each site collection provides a unique security boundary, a storage quota, and a context boundary. Often, Self-Service Site Collection Creation is extended with customizations. For example, it might be useful to track the reasons that the site collection is needed and the length of time it will be needed for. My Sites can serve as an example of this type of customization. To start, each My Site is provisioned through Self-Service Site Creation when first accessed by the owner of the site. SharePoint Server includes a workflow for decommissioning the site when the user is deactivated in Active Directory. By automating site-collection creation and removal, the My Site model both enables users and conserves resources.
Forms-based authentication can be useful, as described in the “Types of authentication” section earlier in this chapter. However, it doesn’t work well in some situations, such as SharePoint integration with older versions of Office. If your site uses forms-based authentication and the visitors to your site encounter problems with older versions of Office, you can ask to have this setting disabled at the web-application level. Disabling client integration can prevent errors that otherwise are confusing. However, some features, such as the Edit-In-Datasheet option for lists in the browser will also be disabled for all users when client integration is disabled.
You’re probably familiar with encryption for purposes such as securing online banking accounts. Banks add this layer of security because without it, all information passed over the Internet is sent in clear text that can be captured and read by anyone between you and your bank. If your SharePoint site contains information that is sensitive, you will want encryption configured for your web application. Ask your IT staff to purchase and install a Secure Sockets Layer (SSL) certificate on the web servers and configure your web application for encryption. You will know when you are accessing an encrypted site when the web address begins with https:// instead of the normal https:// prefix.
Another situation for which encryption is important is when your site’s authentication doesn’t encrypt user names and passwords. For example, forms-based authentication should always be used in combination with encryption to ensure the security of your SharePoint sites. You are using forms-based authentication when you type your user name and password directly into a webpage rather than a Windows Security dialog box.
Note
In some cases, for example with Windows integrated authentication, user names and passwords are sent securely without SSL encryption. However, it is still a good practice to encrypt your site if other personal or sensitive information might be sent to or from your website besides user names and passwords.
If you’ve been managing a website previously and would like to move it to a SharePoint Server 2013 environment, you have two choices for bringing over the content: upgrade and migration. Upgrade and migration are often confused because they both cover moving content into SharePoint; however, there are distinct differences between the two. Understanding the choices available to you will help make the decision easier when you do choose to plan and execute a move.
Note
For more details, view the TechNet article, “Overview of the upgrade process to SharePoint 2013.” Though TechNet is tailored to administrators and IT professionals, this article answers questions for advanced business users whose organizations are upgrading to SharePoint 2013. You can view the article at technet.microsoft.com/en-us/library/cc262483(v=office.15).
Microsoft supports upgrades from SharePoint 2010 to SharePoint 2013.
If you’ve read the section “The SharePoint structure” earlier in this chapter, you’ve seen one explanation of the connection between the content database and SharePoint sites.
All the information you see when you use your SharePoint site is held in a content database as follows:
Each content database can hold more than one collection of sites.
Each site collection is stored in one, and only one, content database.
The one upgrade approach in SharePoint 2013 is called a content database upgrade because each content database can be upgraded individually.
When IT executes an upgrade from SharePoint 2010, you can choose not to upgrade every content database in a farm at the same time. If you have more than one content database, this offers some flexibility for a phased upgrade.
For example, you might choose to move the database containing your most important sites first. Alternatively, you might choose a less important database as a first upgrade to refine your process and become more familiar with the steps involved.
A benefit of the content database upgrade approach is the option to leave the existing content available for viewing only while the upgrade is being performed. Because the content database can be copied to the new server, the original copy is still available for read-only use while the new copy is being converted to the SharePoint 2013 format. This is especially helpful for large content databases that require a long time to upgrade.
This approach requires that the customizations applied to your SharePoint 2013 installation are well documented and ready to move to the new environment. It also requires a strong understanding of the configuration settings on the farm and web-application level. In many organizations, this might not be a problem because configuration and customization documentation are also both required for disaster recovery.
The content database upgrade occurs on a new SharePoint 2013 farm. This means that additional hardware is required besides the hardware currently running your SharePoint 2010 farm. Besides being a requirement, it is also a benefit to have two environments available because the upgrade can be tested and repeated on the new hardware before committing to the final move from the old hardware.
Deferred Site Collection Upgrade is a new feature of the SharePoint 2013 products that can keep your upgraded site looking a lot like your old site.
When a content database is upgraded to 2013, site collections can be left running in SharePoint 2010 mode on the new SharePoint 2013 farm. The reason for this mode in your new upgrade is to allow time to update your old sites to the new features of SharePoint 2013.
SharePoint 2013 makes some important and wide-ranging changes to the pages on a site. It may take some work to transition from your old site. You can test your upgraded sites in SharePoint 2013 with a copy of the site collection before making the permanent move to SharePoint 2013 mode.
If you have content on websites that are not running SharePoint 2010, you have two options for moving that content to SharePoint Server 2013. You can migrate the content manually to a SharePoint 2013 farm or you can do it with a third-party tool.
Note
For the purposes of this chapter, an upgrade is moving from SharePoint 2010 to SharePoint 2013. Any other move is considered a migration. In either case, customizations, including installed third-party add-ons and branding, must be considered separately from the content. The migration steps that follow discuss moving content.
Note
You can find more help for branding and enhancing SharePoint in Chapter 12 which covers branding with respect to master pages and CSS. Refer to Chapter 20 and Chapter 23 for more information on authoring customizations.
For sites that have a small amount of content, manual migration can be a good option. You might choose to replicate the previous sites as closely as possible through the creation of lists and libraries first and the addition of content second. Alternatively, you can take the chance to redesign the information architecture of your site. If you take the time to review the site to be upgraded, you might find that you only need to move over a small amount of information that is still relevant and useful to you and your users now.
Manual migration is often a team effort. You might want to involve site designers to work on a new look that matches or builds on the previous look. You want to plan for some testing, even if it’s just to get a second set of eyes on the work you do yourself. Breaking up the repetitive parts, like copying and pasting documents or text from old to new, can help make this go faster.
Many migration tools are specifically built to move content into new SharePoint 2013 sites. The basic premise of migration is no different than that of the manual migration. You can still choose to try to replicate the site that you are migrating from or you can take the opportunity to reassess your site and build into a new design that fits SharePoint 2013 better.
The big difference is that migration tools help do some of the repetitive, manual work that is involved in migrating to SharePoint. In fact, you might find yourself appreciating one of these tools so much that you keep it around to help you reorganize your content in SharePoint long after the initial migration is complete.
There are two kinds of third-party migration tools available. The simplest kind treats the source website as a collection of HTML webpages. Using this kind of tool, you move each page over, one by one, into a document library in SharePoint. That method really works only if all you have is content in pages, as opposed to items in lists or documents in libraries.
On the other hand, many of the third-party tools have specific features that target particular sources of information from which to migrate. You can find tools that help you pull data from older versions of SharePoint, competing products like Lotus Notes, and other technologies used to share information like Networked File Shares and Exchange Public Folders.
Each tool available works a little differently, so it’s best to go to the vendor for information on how to use the tool you choose. They are all happy to provide product demonstrations, and many provide trial versions of their products so that you can test them out on your actual content.
Note
The websites www.EndUserSharePoint.com and www.SharePointReviews.com both have great collections of information on third-party migration tools. Look in both the “Migration” and “Content Organization” categories.
A successful SharePoint environment is the result of a close interaction between the site users, site owners, and supporting technical staff. This chapter introduced you to some of the concepts that you need to understand before considering some more advanced business uses of SharePoint.
The SharePoint list items that you add and the documents that you upload all reside in a SharePoint site. Every SharePoint site is part of a site collection, which is a hierarchy that starts with one top-level site at the root of a tree, and sites which can grow from it. Site collections are accessed through web applications and contained in content databases. Web applications and content databases run on the servers that make up the SharePoint farm that hosts it all. Service applications provide supporting resources to the farm.
Your day-to-day work is done on the site and at the site-collection level. Understanding the full structure can inform your design decisions when you would like to improve your SharePoint installation.
Search is a very powerful tool provided by SharePoint technologies. With the incorporation of technology from the FAST Search Engine into the main SharePoint 2013 product line, SharePoint is now the top-of-the-line enterprise search product from Microsoft.
Regardless of the search product that you choose, it is important to pay attention to how well your searches perform and follow up on issues such as stale results.
It’s also important that SharePoint identify your site’s users and you understand the options for securing your site content. SharePoint 2013 includes a few authentication changes for your web applications. Choosing authentication methods for your web applications requires identifying who your users are and what level of access they need. The authentication methods you may choose from include classic Windows integrated, claims-based with Windows or without, and anonymous authentication. Authorizing the users to perform actions in SharePoint is mostly controlled in the site collection. However, user policies can affect permissions across many site collections and are not visible outside the web-application settings. Working closely with IT, you can ensure a secure experience for the visitors to your site and the content you host in SharePoint.
You probably have been using some tool to share files and other information with others before moving to SharePoint 2013. Any sites that you have running in SharePoint 2010 can be upgraded by copying the content databases to SharePoint 2013. If you’d like to migrate data from other sources, you might choose to move the most important pieces over yourself manually. If you have a lot of data, you might consider purchasing a third-party tool to help you move into SharePoint 2013.
This chapter has been an introduction to administration settings made beyond the site collection. In the chapters that follow, you will find other ways with which you will interact with SharePoint Administration outside site settings available to an advanced business user. For example, you will find information on importing BDC models in Chapter 22 Chapter 12 and Chapter 23 both cover creating solutions for SharePoint that can be added to the farm by an administrator. Chapter 20 focuses on SharePoint Designer and covers some settings exposed only to technical staff.