The year 2016 is coming to an end. And for everyone who predicted SharePoint hybrid as the future over the past 3 years, the future is here (almost). Enterprises have also learned that the barriers to the hybrid cloud are more numerous than originally anticipated. However, it’s important to reflect on where hybrid SharePoint implementation stands today.
Adoption: Interest and consumption are beginning to ramp up quickly. Enterprises that earlier had goals to move everything to the cloud are now considering a hybrid approach to SharePoint. Several Office 365 migration initiatives have failed drastically and become a staple of discussion at various competition conferences and whitepapers. As a result, IT leaders are making a rapid shift in the direction of public cloud by adopting hybrid cloud for their SharePoint implementation. The combination of private and public cloud gives IT the tools required to help the business innovate and iterate faster at a lower cost.
Governance: The most common policy discussion that required consensus from the governance board was data protection vs extending SharePoint over the internet. Just like vim vs emacs, there were always two sides to this discussion: should SharePoint be served over VPN, should the infrastructure be made available in a DMZ for easy access, or should SharePoint be published over a web application proxy? Each side has a strong business case, from a sales director citing the pathetic performance of applications over VPN to a finance controller worried about his Excel sheets leaving the very secure boundaries of the internal data center. With SharePoint 2016 hybrid, a third option has emerged as a solution, and it is now easy for organizations to determine which content can be made available in the cloud and which remains on premise. The boundaries for content and its availability over search are clearly articulated.
Optimized use of Infrastructure – With 1 TB available with each OneDrive for Business, SharePoint Online site collections storing terabytes of content, and Videos for storing rich media content, IT managers are now able to establish an optimized storage and compute utilization plan: low-function, high-storage content goes to the cloud, while content with legal or compliance requirements, or business-critical applications with security and performance demands, stays hosted in an on-premise environment. In addition, with zero-downtime patching for SharePoint 2016 and managed releases for Office 365 SharePoint Online, it is easier than before to meet the Service Level Agreements for SharePoint-based solutions.
Search – Content findability has always been a challenge for most of the SharePoint Implementations. Even though in SharePoint 2013, enterprises could configure hybrid search, the results weren’t encouraging with multiple search result sets that were not commingled. The relevance was different and so was user experience. With SharePoint 2016, the search has been re-architected and these issues have been addressed.
The hybrid infrastructure does provide the best of both worlds. Combining these two cloud models leverages cost efficiencies and also builds resilience into a solution.
To achieve the Hybrid model and gain some of the benefits listed above, the core architecture for Office 365 and SharePoint On-Premises needs to be understood.
SharePoint 2016 Hybrid Cloud Infrastructure
The core logical design is about connecting your On-Premises Active Directory with the Azure Active Directory that is available. This ensures that accounts are synchronized and licenses from the cloud services can be assigned. Once done then the On-Premises environment needs to be connected through standard network connectivity. Once SharePoint 2016 on-premise is configured with SharePoint Online, the users would be able to manage the following hybrid workloads.
So based on where we are, the future (Hybrid) has already arrived. But where do we go from here? What is the future of Hybrid? With enterprises moving to Azure to host their SharePoint 2016 farm, will they continue to be true hybrid? Or will hybrid no longer differentiate between on-premise data center, public cloud and private cloud, and simply be a combination of IaaS, PaaS and SaaS based solutions hosted across infrastructures?
And if you are interested in defining your SharePoint Hybrid Strategy, please reach out to me using the contact me page.
In the last post, we created service accounts and configured the Claims to Windows Token Service. In this post, we will run the Products and Configuration wizard and complete the SharePoint 2016 configuration.
Before we start running the SharePoint 2016 Products and Configuration wizard, we need to make sure that the SharePoint Application Server can talk to SQL Server. The default firewall settings may not allow SharePoint Server to connect to SQL Server over port 1433. You can run the following script to open up the required ports for accessing SQL Server.
REM Rule names must be wrapped in straight double quotes; curly quotes copied from a web page break the command.
REM "netsh firewall" is deprecated on current Windows versions in favor of "netsh advfirewall firewall".
@echo ========= SQL Server Ports ===================
@echo Enabling SQLServer default instance port 1433
netsh firewall set portopening TCP 1433 "SQLServer"
@echo Enabling Dedicated Admin Connection port 1434
netsh firewall set portopening TCP 1434 "SQL Admin Connection"
@echo Enabling conventional SQL Server Service Broker port 4022
netsh firewall set portopening TCP 4022 "SQL Service Broker"
@echo Enabling Transact-SQL Debugger/RPC port 135
netsh firewall set portopening TCP 135 "SQL Debugger/RPC"
@echo ========= Analysis Services Ports ==============
@echo Enabling SSAS Default Instance port 2383
netsh firewall set portopening TCP 2383 "Analysis Services"
@echo Enabling SQL Server Browser Service port 2382
netsh firewall set portopening TCP 2382 "SQL Browser"
@echo ========= Misc Applications ==============
@echo Enabling HTTP port 80
netsh firewall set portopening TCP 80 "HTTP"
@echo Enabling SSL port 443
netsh firewall set portopening TCP 443 "SSL"
@echo Enabling port for SQL Server Browser Service's 'Browse' Button
netsh firewall set portopening UDP 1434 "SQL Browser"
@echo Allowing multicast broadcast response on UDP (Browser Service Enumerations OK)
netsh firewall set multicastbroadcastresponse ENABLE
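The batch script above opens each port to every remote address. As an added example (not part of the original post), the PowerShell below creates an inbound rule for port 1433 that only the SharePoint servers can reach, then lists existing rules that expose any of the script's ports to all sources. The IP addresses and rule name are constructed placeholders, and the choice of the Domain profile is an assumption.

```powershell
# Added example, not from the original post. Run on the SQL Server host in an
# elevated PowerShell session.
$SharePointServers = @('10.0.0.21', '10.0.0.22')   # assumption: placeholder farm server IPs

# Only 1433 is named in the text as required for the SharePoint-to-SQL connection.
# Add further entries from the batch script only if the deployment uses them.
$ScopedRules = @(
    @{ Name = 'SQL Server 1433 (SharePoint farm only)'; Protocol = 'TCP'; Port = 1433 }
)

foreach ($r in $ScopedRules) {
    # Skip creation if a rule with this display name already exists.
    if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Allow `
            -Protocol $r.Protocol -LocalPort $r.Port `
            -RemoteAddress $SharePointServers -Profile Domain | Out-Null
    }
}

# Audit: enabled inbound allow rules that expose a port from the batch script
# to any remote address, so they can be reviewed, scoped down or removed.
$ScriptPorts = '80', '135', '443', '1433', '1434', '2382', '2383', '4022'

Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $rule = $_
        $port = $rule | Get-NetFirewallPortFilter
        $addr = $rule | Get-NetFirewallAddressFilter
        $hits = @($port.LocalPort) | Where-Object { $ScriptPorts -contains $_ }
        if ($hits -and (@($addr.RemoteAddress) -contains 'Any')) {
            [pscustomobject]@{
                Rule     = $rule.DisplayName
                Protocol = $port.Protocol
                Ports    = ($hits -join ',')
                Remote   = 'Any'
            }
        }
    } | Format-Table -AutoSize
```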
Once the connection to SQL Server is configured, you can start SharePoint 2016 Products and Configuration from the Start Menu. You will see the following screen. Click next.
You will see a message about IIS services, click Yes and Next.
You will have an option to connect to an existing server farm or create a new server farm. Since this is the first SharePoint server in the farm, we will click on option Create a new server farm. Click Next.
Specify database settings on this screen. Click Next.
Specify a Passphrase. Make sure the Passphrase is stored in a safe and retrievable place, as we will need it for various activities such as adding more servers to the farm.
This is new in SharePoint 2016. You can specify a predefined role for the server you are configuring. For this lab, we will configure a single-server farm. For a detailed description of each role, refer to my previous post “What’s new in SharePoint 2016 (and what’s deprecated)”. Click Next.
Review the parameters selected and entered and click Next.
You should see the configuration in progress. Creating the configuration database may take most of the time, everything else should complete relatively fast.
Once the configuration is successful, you will see the following completion message. Click Finish. This should start the Central Administration screen and a wizard to configure all Service Applications. Click Cancel; we will configure these service applications manually.
Navigate to Central Administration → Security → Configured Managed Service Accounts and add the service accounts configured. You should be able to see the following once the Managed Accounts are configured.
Navigate to Central Administration → Manage Service Applications. You should be able to see the two default service applications.
Once this step is completed, it’s good to review the following.
- Central Administration → Security → Manage the farm administrators group: review that you have all the required accounts (e.g. Admins, etc.) added in there.
- You are able to access SharePoint 2016 PowerShell.
In my next blog post, I will show you how to create and configure service applications manually along with their PowerShell scripts. Till then, keep watching this space.
You had a problem. You brought SharePoint. Now you have two problems!!!
A wise person once said that we create our own demons, sometimes without knowing it. And this is what is happening with many enterprises that bring in SharePoint to “fix” their problems.
SharePoint and Office 365 are excellent productivity tools widely used for enterprise collaboration, content management and search. With the 2007 release, there were two flavors of SharePoint: Windows SharePoint Services (WSS), which was technically a free SharePoint that came along with Windows Server, and Microsoft Office SharePoint Server (MOSS) 2007, which was a licensed product. Then came SharePoint 2010 with Foundation, which was free, and the licensed version, SharePoint Server 2010.
But then Microsoft started a SaaS based product called BPOS that featured a slimmed-down version called SharePoint Online. As these products matured, we ended up with SharePoint 2013 and Office 365, the SaaS based offering of SharePoint, Exchange and Skype for Business. The choices increased and so did complexity. Enterprises started evaluating SharePoint Online and OneDrive for Business in parallel with their SharePoint On Premise installation. They liked what they saw.
- Minimum administrative overhead, maximum productivity, no upgrade or patching headaches. And the onus for downtime goes to Microsoft.
- End users would demand just one more site collection on SharePoint Online. Power users would demand just one more APP. Infrastructure Managers started moving their network drives on OneDrive for Business. Sweet!!!
- And then comes chaos. Chaos on what content goes where? When to use OneDrive for Business? When to use SharePoint Site? And most importantly, when not to use SharePoint? To add to the confusion, questions like what content goes on premise? what content goes online? How do we search? Where do we search? What gets priority?
Hence, Governance for SharePoint Hybrid. So let’s start with the basics, how does SharePoint Governance help?
Governance is an important and essential part of every SharePoint deployment. A solid and real governance plan helps answer the most critical question any organization has:
How do we effectively manage our SharePoint environment?
This question has haunted IT Leadership for long. And Governance is the answer because it helps define Policies, Processes, People and Tools that control your IT teams, Business teams and executive sponsors to work in harmony.
How can Governance help in hybrid scenario?
- Avoid content chaos.
- Consistent user experience.
- Enforce standardization and best practices.
- Eliminate redundancy and ambiguity in content life cycle process.
- Establish a consistent mechanism to identify whether SharePoint Online, SharePoint On Premise or OneDrive for Business is the right tool for given classification of content.
- Governs storage and compute power.
- Improve findability.
What is a Governance Plan?
A Governance Plan is more than a document. It’s a complete guide that keeps IT and Business goals as its central focus and defines policies, processes, people and tools to effectively manage the SharePoint environment. It points to resources, templates and guides to execute tactical and operational activities related to SharePoint.
Policies – The governance plan needs clearly articulated policies. These policies have to be in line with business, legal and compliance needs of an organization.
Processes – The governance plan would require processes to enforce policies, escalate in case of non-compliance and process to request for overriding of policies along with service level agreements to complete the processes.
People – The governance plan would require clear definition of people (roles) involved, their responsibility, escalation matrix, operational level agreements and authorization matrix.
Tools – Not all policies can be enforced manually or via a document. It is imperative to define tools to execute various processes, e.g. backup tools, compliance tools, etc.
The following picture depicts governance plan broken into three segments, each having its own area of importance.
IT Governance: This segment defines policies and processes around IT Infrastructure like storage, backup, restore, high availability, disaster recovery and content security. It also deals with identity, authentication and access management plan.
Information Governance: This segment defines policies and processes around content and how it is organized and presented to end users and content owners. It also deals with taxonomy and hierarchy of content along with its findability.
Application Governance: SharePoint is as much of a platform as it is content management system and customization using API and services is possible. It is imperative to have Application Governance defined to ensure user experience, system performance and customization standards are consistent and adhered to. It also deals with application life cycle management and dev ops procedures to minimize disruptions.
Governance and Site Types
Different type of sites require different policies. And in case of hybrid, the importance varies depending upon whether the content is on premise or cloud. Published sites have tighter governance over information and application management than team sites, personal sites and OneDrive for Business. Generally, the larger the number of people who get information from a particular type of site, the more tightly it is governed, and vice versa. This is shown in the following graph. For example, if your intranet home page is available for everyone in your organization, it’s generally much more tightly governed than the site for the accounting department, which is more tightly governed than most group or team sites, and so on. Personal sites are generally the least governed types of sites.
Governance Operating Framework
The GOF, or Governance Operating Framework, covers the various areas of SharePoint Operations where Policies and Processes are defined. The following diagram depicts the Governance Operating Framework for which the Governance Team would establish policies and processes. In my subsequent blog post, I will create a sample governance plan taking the below into consideration. In a hybrid environment, it is imperative to have these broken down for clear demarcation between SLAs and processes for On Premise and Online environments.
Best Practice for Governance Plan
- Goals: An effective governance plan anticipates the needs and goals of your organization’s business functions and IT teams. If you have a goal defined, you will have a metric to measure it.
- Uniqueness: While the intent is to standardize processes, the governance plan has to be unique to your organization. Templated, one-size-fits-all plans are useless and misdirect the governance team’s energies towards tweaking processes the other way round.
- Classification: Classify your business information. Build Taxonomy or Buy Taxonomy that’s tailored to support your business needs.
- Educate: Establish training and education plans. It is imperative that every SharePoint user is educated on the organization’s policies and processes.
- Phased approach: A governance plan is an ongoing initiative, and you may not achieve perfection on day one. Plan phases. Start with a small governance team. Build the foundational policies and processes. Aim high but execute in phases.
To summarize, a hybrid SharePoint environment needs to be governed and controlled to avoid content and information being scattered. A backup plan for on premise might not apply to Office 365, and a license management plan for Office 365 might not apply to the on-premise environment. In my subsequent blog post, I will publish a template and elaborate on how to approach establishing a governance plan. Till then, keep watching this space.