Product Overview: FlyView Enterprise for SharePoint

Product Overview: FlyView Enterprise for SharePoint

 

 

As a SharePoint user, do you ever wish to have a seamless navigation across the sites and content repositories on your SharePoint site? As a SharePoint Administrator, do you want to accelerate end user adoption with easy and intuitive navigation bundled with quick search? SharePoint is a popular content management system used by more than million users worldwide. And as the enterprise adoption has increased, so are the complexity of content repositories within SharePoint.  End users and Administrators are always lookout for add-ins and solutions to simplify their user experience and increase user adoption. Thus FlyView for SharePoint Enterprise should be your solution of choice for seamless navigation across sites and content repositories.

 

In this blog post, I would review the product and its capabilities by installing and configuring this product on my own SharePoint Online site.

 

FlyView for SharePoint is an Aurora Bits product for Microsoft SharePoint platform that helps users with improved productivity by reducing the time they spend navigating and discovering content. FlyView for SharePoint is a unique and innovative tool as it can create a lighting fast, global navigation menu at run-time for any SharePoint site. The FlyView Enterprise for SharePoint is installed on SharePoint server/site collection in SharePoint Online, 2016/2013/2010 and displays a dynamic site menu when a user logs in, enabling the users to explore the entire SharePoint Site without having a single mouse click. It supports all major browsers such as Internet Explorer, Chrome, Safari, Firefox etc. The solution will create Breadcrumbs and Navigation in your browser. The term enterprise in the product clearly shows the focus of the product team to be used within Enterprise SharePoint installation by eliminating browser dependency and focusing on standardized methods.

 

Installation

The installation is very straight forward with a server side sandbox package that deploys javascripts and css. I was able to quickly deploy the WSP to solution gallery and activate it. All that is required to start using FlyView Enterprise.

Figure1

Figure 1

 

User Experience

FlyView Enterprise for SharePoint appears on the top left section of the browser after the menu and by default show the root site. I have seen absolutely no difference in page load time with or without using this add in.

Figure2

Figure 2

 

As I hover over the root site, it quickly displays the sites and other content repositories within the root site, and as you hover in the sub sites, it would expand the content repositories with them. All this was pretty fast and seamless. The icons next to the content repository names provides clear demarcation between subsites, lists and libraries.

Figure3

Figure 3

 

The navigation quickly allows you to navigate from the highest level of content repository (site collection) to lowest level (content). And it doesn’t restrict you to default view. You can have option to select the view you want to see.

Figure4

Figure 4

 

Pinning allows you to handle multiple content by pinning them on the screen. When you click on the blue icon next to a document, you can pin the content or mark as favorite. Pinning the content on the screen allows you to multi manage content properties. Very helpful.

Figure5.2

Figure 5

 

Last, but not the very least is search. This is not your traditional enterprise search for content. But search for content repositories as depicted in the example below. I am trying to search for a payroll for November 2015 which by my naming standards is saved in “Nov15” folder.

Figure6

Figure 6

 

FlyView Enterprise for SharePoint allows you to view your history and content marked as favorite by hovering over the FlyView icon on the top left. This would allow you to create your own shortcuts to document by marking the content as favorite and review the history.

Figure7.1

Figure 7

 

Conclusion

 

In a nutshell, this product shows very promising features that can both accelerate user adoption and increase productivity. The product team has meticulously identified end users pain point with respect to navigation and content search. If you would like to see the product in action, feel free to choose from the following.

  1. You can visit Aurora Bits site for more product details.
  2. View the FlyView Enterprise for SharePoint product demo video.
  3. Download a demo of Trial version of FlyView Enterprise for SharePoint.
  4. Request a live preview of Contoso site from here.

I would conclude my review with few pointers from my side that should answer any questions you have

  1. Security – FlyView Enterprise for SharePoint uses logged in user context. It does not save any access credentials.
  2. Content Access – FlyView Enterprise for SharePoint cannot manipulate or delete your content or changes any SharePoint configuration.
  3. Performance – FlyView Enterprise for SharePoint is lightweight and performs well given the reasonable number of Sites, Sub Sites and content.

 

 

 

Configure SharePoint 2016 (Part 6)

Configure SharePoint 2016 (Part 6)

In the last post, we created service accounts and configured claims to windows token service. In this post, we will run products and configuration wizard and complete SharePoint 2016 configuration.

Before we start running SharePoint 2016 Product & Configuration wizard, we need to make sure that your SharePoint Application Server can talk to SQL Server. The default firewall settings may not allow SharePoint Server to Connect to SQL Server over port 1433. You can run the following script to open up the required ports for accessing SQL Server.

@echo ========= SQL Server Ports ===================

@echo Enabling SQLServer default instance port 1433

netsh firewall set portopening TCP 1433 “SQLServer”

@echo Enabling Dedicated Admin Connection port 1434

netsh firewall set portopening TCP 1434 “SQL Admin Connection”

@echo Enabling conventional SQL Server Service Broker port 4022

netsh firewall set portopening TCP 4022 “SQL Service Broker”

@echo Enabling Transact-SQL Debugger/RPC port 135

netsh firewall set portopening TCP 135 “SQL Debugger/RPC”

@echo ========= Analysis Services Ports ==============

@echo Enabling SSAS Default Instance port 2383

netsh firewall set portopening TCP 2383 “Analysis Services”

@echo Enabling SQL Server Browser Service port 2382

netsh firewall set portopening TCP 2382 “SQL Browser”

@echo ========= Misc Applications ==============

@echo Enabling HTTP port 80

netsh firewall set portopening TCP 80 “HTTP”

@echo Enabling SSL port 443

netsh firewall set portopening TCP 443 “SSL”

@echo Enabling port for SQL Server Browser Service’s ‘Browse’ Button

netsh firewall set portopening UDP 1434 “SQL Browser”

@echo Allowing multicast broadcast response on UDP (Browser Service Enumerations OK)

netsh firewall set multicastbroadcastresponse ENABLE

Once the connection to SQL Server is configured, you can start SharePoint 2016 Products and Configuration from the Start Menu. You will see the following screen. Click next.

Figure 1

You will see a message about IIS services, click Yes and Next.

Figure 2

You will have an option to connect to an existing server farm or create a new server farm. Since this is the first SharePoint server in the farm, we will click on option Create a new server farm. Click Next.

Figure 3

Specify database settings on this screen. Click Next.

Figure 4

Specify a Passphrase. And make sure the Passphrase is stored in a safe and retrievable place as we would need this for various activities like adding more servers to the farm, etc.

Figure 5

This is new in SharePoint 2016. You can specify a predefined role for the server you are configuring. For this lab, we will configure single server farm. For an elaborated description of each role, refer to my previous post “What’s new in SharePoint 2016 (and what’s deprecated)“. Click Next.

Figure 6

Review the parameters selected and entered and click Next.

Figure 7

You should see the configuration in progress. Creating the configuration database may take most of the time, everything else should complete relatively fast.

Figure 8

Once the configuration is successful, you will see the following completion message. Click Finish. This should start Central Administration screen and a wizard to configure all Service Applications. Click cancel, we will configure these service applications manually.

Figure 9

Navigate to Central Administration à Security à Configured Managed Service Accounts and add the service accounts configured. You should be able to see the following once the Managed Accounts are configured.

Figure 10

Navigate to Central Administration à Manage Service Applications. You should be able to see the two default service applications.

Figure 11

Once this step is completed, it’s good to review the following.

  1. Central Administration à Security à Manage the farm administrators group and review that you have all the required accounts (E.g. Admins, etc) added in there.
  2. You are able to access SharePoint 2016 PowerShell.

In my next blog post, I will show you how to create and configure service applications manually along with their PowerShell scripts. Till then, keep watching this space.

Questions you should ask yourself before starting a OneDrive Migration

Questions you should ask yourself before starting a OneDrive Migration

 

To successfully migrate documents to OneDrive for Business, and get the most out of the platform, there are a number of things that need to be considered before you start. Here we will go through some of the questions that you should be asking yourself at the pre-migration stage to hopefully make your migration easier.

 

  1. What do I want to get out of OneDrive for Business?

    OneDrive for Business is used to access work files in the network environment through different devices. It facilitates controlled sharing of files—users can keep their files private, or can share them partially or completely with one or more people. To facilitate offline working, users can sync files to their local computer. Documents are also accessible from network/internet connected devices. Understanding all of this is key to determining what you want to get out of OneDrive for Business.

     

  2. How important is compliance?

    When choosing between on-premises OneDrive for Business and a cloud based one you have to consider how it will affect your compliance. For organizations that have to regularly meet compliance requirements it is recommended that an on-premises facility is used (OneDrive for Business in SharePoint Server 2016). If the opposite is the case, then Office 365 can be used without any SharePoint infrastructure on the premises.

     

  3. Should you choose hybrid or on-premises as your deployment configuration?

    OneDrive for Business can be used in SharePoint Server 2016 or in Office 365. Organizations can use OneDrive for Business in Office 365 while retaining the SharePoint Server for all other uses. Office 365 allows employees to access their documents through the internet (outside the corporate network). The hybrid option is great for businesses with a large number of users outside the corporate network.

     

  4. What do I need in place before I start?

    To use One Drive for Business, three services — My Sites, User Profile Service Application and Managed Metadata Service — need to be configured in SharePoint Server 2016. But all Office 365 Business plans have OneDrive for Business included with them by default.

     

  5. What about SharePoint Team Site?

    Many organizations do not understand the difference between OneDrive for Business and a SharePoint Team Site. OneDrive for Business is for storing personal work documents – so the documents with little or no requirement for being shared should be moved to OneDrive for Business. Documents for collaborative work only should be moved to SharePoint Team Site.

     

  6. How much storage space do I need?

    Before starting the migration, you should calculate the required storage space and plan accordingly. The storage space for OneDrive for Business document library is determined solely by the administrator in the case of SharePoint Server. In the case of Office 365, it is decided by Microsoft according to the SharePoint subscription plan.

     

  7. Will you be migrating files/folders with long names?

    OneDrive for Business does not allow lengthy file/folder names or names with invalid characters. Large sized files as well as certain types of files are also restricted. There is also a limit to the size and number of items that can be synced with the local computer folder. It is important that you know the details about these restrictions before you begin the migration so that you reduce the likelihood of encountering an error.

     

  8. Have you considered how you’re going to validate files/folders?

    Moving documents to OneDrive for Business manually is time consuming. It can be particularly difficult to manually validate the files and folders for restricted file types, large sizes, lengthy names and illegal characters in names. Make sure you set aside some time to go through this as it can be vital to completing the migration without error.

     

  9. Have you thought about how you’re going to manage end user adoption?

    End user training helps the organization to tap the full potential of OneDrive for Business. Employees should be trained in accessing their documents from inside and outside the network. They should know to save and open files in OneDrive for business and to use features like co-authoring, versioning, tagging, document preview, simplified search and recycle bin.

     

Summary

Clearly there are a large number of questions you need to be asking yourself before you begin the process of migrating to OneDrive for Business. It is impossible to avoid answering some of these questions manually, even though it can be a time-consuming and laborious process. Other questions can be answered quicker and easier with the help of third-party solutions, such as LepideMigrator for Documents. Whichever approach you opt for, just make sure that you ask yourself these questions before you begin, so that you can reduce the risks of a failed migration.

 

Configure SharePoint 2016 Service Accounts (Part 5)

In part 4, I showed you how to install SharePoint 2016 and we stopped at running Products & Configuration wizard. And before we complete our configuration, we need to ensure the following service accounts are created for using against various service applications. Some of the best practices of creating SharePoint Service Accounts are

  1. Use Password Never Expires – All service accounts should be set to “Password never expires” in Active Directory because if they expire in future after installation of SP2016 it would be an issue for the continued operations of SharePoint.
  2. Place all Service Accounts in single OU – This placement allows system administrators to easily locate and view service accounts, group them in one Active Directory OU.
  3. Strictly Avoid Special Characters – Do not use service account names that contain anything other than _.
#

Account

Description

Access Level

1 svcSPSetup The Setup user account is used to

a. Install SharePoint

b. Run the following: Setup SharePoint Products Configuration Wizard

  1. Member of the Administrators group on each server on which SharePoint Setup is run.
  2. SQL Server login on the computer that runs SQL Server.
  3. Member of the following SQL Server roles:
    1. securityadmin fixed server role
    2. dbcreator fixed server role
  4. If you run Windows PowerShell cmdlets that affect a database, this account must be a member of the db_owner fixed database role for the database.
2 svcSPFarm The Server farm account or database access account. The server farm account is used to configure and manage the server farm. And acts as the application pool identity for the SharePoint Central Administration Web site.
  1. Additional permissions are automatically granted for the server farm account on Web servers and application servers that are joined to a server farm.
  2. The server farm account is automatically added as a SQL Server login on the computer that runs SQL Server. The account is added to the following SQL Server security roles:
    1. dbcreator fixed server role
    2. securityadmin fixed server role
    3. db_owner fixed database role

for all SharePoint databases in the server farm

3 svcSPApp This account is used for Content Web Application. None unless using Office Web Apps. Then must give access to content databases manually.
4 svcSPService This account is used for Service Application Pool. Must be a member of the Farm Administrators group.
5 svcSPMySite This account is used for My Site Application Pool. This account must not be a member of the Administrators group on any computer in the server farm.
6 svcSPSearch
7 svcSPCrawl This account is used for default content access account for Search Crawling
  1. The default content access account must be a domain user account that has read access to external or secure content sources that you want to crawl by using this account.
  2. For SharePoint Server sites that are not part of the server farm, you have to explicitly grant this account full read permissions to the web applications that host the sites.
  3. This account must not be a member of the Farm Administrators group.
8 svcSPWorkFlow This account is used for SharePoint Workflow Manager Service
9 svcSPC2WTS This account is used for Claims to Windows Token Service Must be a member of the Farm Administrators group.
10 svcSPUPSync User Profile Synchronization Connection Service Account Member of the Administrators group on each server on which SharePoint Setup is run.
11 svcSPCacheSuperUsr Cache Super User
  • The object cache accounts are user accounts that are given FullControl and FullRead privileges on WebApplications so items can be cached by ASP.Net to improve performance.
  • These accounts should not have any special Active Directory privileges other than Domain User membership
12 svcSPCacheSuperRdr Cache Super Reader
  1. The object cache accounts are user accounts that are given FullControl and FullRead privileges on WebApplications so items can be cached by ASP.Net to improve performance.
  2. These accounts should not have any special Active Directory privileges other than Domain User membership
13 svcSPSSRS SQL Server Reporting Services Service Application Account
14 svcSPPPS Performance Point Services Service Application Account

In addition to the above configuration, there are some special configuration changes required for claims to windows token service account to be done on each SharePoint server. The Claims to Windows Token Service (C2WTS) is a component of the Windows Identity Foundation (WIF) which is responsible for converting user claim tokens to windows tokens. Excel services uses the C2WTS to convert the user’s claims token into a windows token when the services needs to delegate credentials to a back-end system which uses Integrated Windows authentication.

Each SharePoint service application must run the C2WTS locally. The C2WTS does not open any ports and cannot be accessed by a remote caller. Further, the C2WTS service configuration file must be configured to specifically trust the local calling client identity

As a best practice you should run the C2WTS using a dedicated service account and not as Local System (the default configuration). But Local System will work if you configure the Kerberos constrained delegation to use the machine name account. The C2WTS service account requires special local permissions on each server the service runs on so be sure to configure these permissions each time the service is started on a server. Optimally you should configure the service account’s permissions on the local server before starting the C2WTS, but if done after the fact you can restart the C2WTS from the Windows services management console (services.msc).

To start the C2WTS using Domain Account

  1. Add an arbitrary Service Principal Name (SPN) to the service account to expose the delegation options for this account in Active Directory Users and Computers. The SPN can be any format because we do not authenticate to the C2WTS using Kerberos authentication. It is recommended to not use an HTTP SPN to avoid potentially creating duplicate SPNs in your environment. In our example, we will have registered ‘SP/C2WTS’ to the ‘infrafusion\svcspC2WTS’ using the following command:

    SetSPN -S SP/C2WTS infrafusion\svcspC2WTS

  2. Configure Kerberos constrained delegation on the C2WTS services account. In his scenario we will delegate credentials to the SQL service running with the ‘MSSQLSVC/NACDB02.infrafusion.xyz:1433’ service principal name.

    Key configuration options on the delegation tab are the following:

    a) Select “Trust this user for delegation to specified services only”

    b) Select “Use any authentication protocol”

  3. Next, configure the required local server permissions that the C2WTS requires. You will need to configure these permissions on each server the C2WTS runs on. In our example this is VMSP10APP01. Log onto the server and give the C2WTS the following permissions:
    1. Add the service account to the local Administrators Groups.
    2. In local security policy (secpol.msc) under user rights assignment give the service account the following permissions:
      1. Act as part of the operating system
      2. Impersonate a client after authentication
      3. Log on as a service

This will prepare Claims to Windows Service Account to be used with SharePoint 2016 after the configuration is completed.

In this post, we configured service accounts with their appropriate access. In the next post, we will run the product & services configuration wizard and configure each Service Application to use their designated service account. Till then, keep watching this space.

Governance Plan for Hybrid SharePoint Environment

Governance Plan for Hybrid SharePoint Environment

You had a problem. You brought SharePoint. Now you have two problems!!! 

 

Some wise person told, we create our own demons. Sometimes, without us knowing about it. And this is what is happening with many enterprises who bring SharePoint to “fix” their problems.

 

SharePoint and Office 365 are excellent productivity tools widely used for enterprise collaboration, content management and search. And with the 2007 setup, there were two flavors of SharePoint viz. Windows SharePoint Services (WSS) which was technically free SharePoint that came along with Windows Server and Microsoft Office SharePoint Server (MOSS) 2007 that was a licensed product. Then came SharePoint 2010 with Foundation which was free and licensed version SharePoint Server 2010.

 

But then Microsoft started SAAS based product like called BPOS that featured skimmed down version called SharePoint Online. And as these products matured, we ended up with SharePoint 2013 and Office 365, the SAAS based offering of SharePoint, Exchange & Skype for Business. The choices increased and so did complexity. Enterprises started evaluating SharePoint Online and OneDrive for Business in parallel with their SharePoint On Premise installation. They liked what they saw.

  • Minimum administrative overhead, maximum productivity, no upgrade or patching headaches. And the onus for downtime goes to Microsoft.
  • End users would demand just one more site collection on SharePoint Online. Power users would demand just one more APP. Infrastructure Managers started moving their network drives on OneDrive for Business. Sweet!!! 
  • And then comes chaos. Chaos on what content goes where? When to use OneDrive for Business? When to use SharePoint Site? And most importantly, when not to use SharePoint? To add to the confusion, questions like what content goes on premise? what content goes online? How do we search? Where do we search? What gets priority? 

 

Hence, Governance for SharePoint Hybrid. So let’s start with the basics, how does SharePoint Governance help? 

 

Governance is important and essential part of every SharePoint deployment. A solid and real governance plan helps answer the most critical question any organization has

 

How do we effectively manage our SharePoint environment?

 

This question has haunted IT Leadership for long.  And Governance is the answer because it helps define Policies, Processes, People and Tools that control your IT teams, Business teams and executive sponsors to work in harmony.  

 

How can Governance help in hybrid scenario? 

 

  1. Avoid content chaos.
  2. Consistent user experience.
  3. Enforce standardization and best practices.
  4. Eliminate redundancy and ambiguity in content life cycle process. 
  5. Establish a consistent mechanism to identify whether SharePoint Online, SharePoint On Premise or OneDrive for Business is the right tool for given classification of content. 
  6. Governs storage and compute power. 
  7. Improve find ability. 

 

 

 

What is a Governance Plan?

 

Governance Plan is more than a document. Its a complete guide that keeps IT & Business goals as central focus and defines policies, processes, people and tools to effectively manage the SharePoint environment. IT points to resources, templates and guides to execute tactical and operational activities related to SharePoint. 

 

Policies – The governance plan needs clearly articulated policies. These policies have to be in line with business, legal and compliance needs of an organization.  

 

Processes – The governance plan would require processes to enforce policies, escalate in case of non-compliance and process to request for overriding of policies along with service level agreements to complete the processes. 

 

People – The governance plan would require clear definition of people (roles) involved, their responsibility, escalation matrix, operational level agreements and authorization matrix. 

 

Tools – No all policies can be enforced manually or via a document. It is imperative to define tools to execute various processes. E.g. Backup tools, compliance tools, etc. 

 

Governance Segments

 

The following picture depicts governance plan broken into three segments, each having its own area of importance. 

 

Figure 1

  
 

IT Governance: This segment defines policies and processes around IT Infrastructure like storage, backup, restore, high availability, disaster recovery and content security. It also deals with identity, authentication and access management plan.  

 

Information Governance: This segment defines policies and processes around content and how it is organized and presented to end users and content owners. It also deals with taxonomy and hierarchy of content along with its findability. 

 

Application Governance: SharePoint is as much of a platform as it is content management system and customization using API and services is possible. It is imperative to have Application Governance defined to ensure user experience, system performance and customization standards are consistent and adhered to. It also deals with application life cycle management and dev ops procedures to minimize disruptions.

 

Governance and Site Types

 

Different type of sites require different policies. And in case of hybrid, the importance varies depending upon whether the content is on premise or cloud. Published sites have tighter governance over information and application management than team sites, personal sites and OneDrive for Business. Generally, the larger the number of people who get information from a particular type of site, the more tightly it is governed, and vice versa. This is shown in the following graph. For example, if your intranet home page is available for everyone in your organization, it’s generally much more tightly governed than the site for the accounting department, which is more tightly governed than most group or team sites, and so on. Personal sites are generally the least governed types of sites. 

 

 

Figure 2

 

 

Governance Operating Framework

 

GOF or Governance operating Framework is the various area of SharePoint Operations where Policies & Processes are defined. The following diagram depicts the Governance Operating Framework for which the Governance Team would establish policies and processes. In my subsequent blog post, I would create a sample governance plan taking the below into consideration. In case of hybrid environment, it is imperative to have these broken down for clear demarcation between SLAs and processes for On Premise and Online environments. 

 

Figure 3

 

 

Best Practice for Governance Plan

  1. Goals: An effective governance plan anticipates the needs and goals of your organizations business functions and IT teams. IF you have a goal defined, you will have a metric to measure it.
  2. Uniqueness: While the intent is to standardize processes, the governance plan has to be unique to your organization. Templated one size fits all plans are useless and misdirect governance team energies towards tweaking processes other way round.
  3. Classification: Classify your business information. Build Taxonomy or Buy Taxonomy that’s tailored to support your business needs.
  4. Educate: Establish training and education plans. It is imperative that every SharePoint user is educated to organization’s policies and processes.
  5. Phased out approach: Governance plan is an ongoing initiative. And you many not achieve perfection on day one. Plan phases. Start with small governance team. Build the foundational policies and processes. Aim high but execute in phases.

 

To summarize, hybrid SharePoint environment needs to be governed and control to avoid the content and information being scattered. A back up plan for on premise might not apply on Office 365 and license management plan for Office 365 might not apply on on premise environment. In my subsequent blog post, I will publish a template and elaborate on how to approach establishing a governance plan. Till then keep watching this space.

Build SharePoint 2016 (Part 4)

Build SharePoint 2016 (Part 4)

In part 3, I showed you how to build a database server on SQL Server 2014 SP1. In this part, we will see how to install SharePoint 2016 on the first application server in the farm. This post would be restricted to installation of SharePoint 2016 pre requisites and server product. In the next post, we shall discuss in detail about product configuration, security and service applications.

  1. From SharePoint 2016 installation media, run spash.hta and click on Install software prerequisites.

Figure 1

  1. Click on Next.

Figure 2

  1. Accept the terms of license agreement and click next.

Figure 3

  1. Pre requisite installation will begin and as shown in Figure 5, you would be asked to restart the server by clicking on continue. The prerequisite installation will continue after the server reboot completes until all the prerequisites are installed.

Figure 4

Figure 5

  1. Open spash.hta again and click Install SharePoint Server. If you are installing trial version of SharePoint 2016, install the product key below. Or else, use the product key available with your product. Click continue.

Figure 6

  1. Accept the terms of the agreement and click continue.

Figure 7

  1. Choose file location and change as needed.

Figure 8

  1. The installation would begin and would take several minutes to complete.

Figure 9

  1. STOP. At this screen, uncheck “Run the SharePoint Products Configuration Wizard now.” And click close. I would configure Product and Configuration wizard in next post.

Figure 10

In this part, I showed installation of SharePoint 2016 Server. In the next part, we will see the service accounts and other configuration required to configure SharePoint 2016 Application server. Till then, keep watching this space.