Category Archives: OpEd

8 Challenges of BYOD in SharePoint: an Insider’s Tips



Editor’s Note: Contributor Ben Henderson is Client Services Manager for Colligo. Follow him @ben3003

When you look at the numbers, the challenges of BYOD in SharePoint reach far and wide. 17,000 organizations now run SharePoint as their enterprise CMS and 125 million SharePoint licenses have been sold to date, according to file-sharing company Accellion. Gartner reports 70% of organizations allow users’ personal devices to access network systems and enterprise applications, and an astounding 78% of white-collar employees in the US use their own laptops, smartphones and tablets for work purposes (Cisco Systems).

You do the math. Thousands of IT departments are dealing with the daily challenges of actively monitoring and managing a myriad of mobile devices, yet delivering SharePoint content in a way that is easy and useful so that employees don’t look to less secure alternative solutions.

So what’s the problem? Two words – data breaches. In March 2011, 40 million employee records were stolen from RSA Security; the year before that Gawker Media experienced compromised email addresses and passwords of about 1.3 million commenters on popular blogs Lifehacker, Gizmodo and Jezebel, plus the theft of the source code for Gawker’s custom-built content management system. Although not on the same scale, corporate data breaches are common. According to research firm Ponemon, about 85% of all US companies have experienced one or more data breaches.

SharePoint Needs Careful Management

SharePoint is capable of handling more than 200 file types out of the box. Imagine the data it can unleash. Without appropriate and consistent policies around access controls and security measures, such as restricted remote access, critical information can be left to twist in the wind.

Administrative mishaps, incorrectly configured services, and broad access rights all create security vulnerabilities. In the wrong hands, consumer-grade devices open an easy way through these vulnerable holes to enterprise data stored on the device and sometimes into the entire enterprise network.

As experts in SharePoint collaboration, we’ve learned first-hand where our customers face the biggest BYOD challenges in SharePoint, and they broadly divide into two categories: security and ease of use. The two go hand-in-hand to satisfy the needs of the organization as a whole and the individual users. Let’s start with security.

1. I’ve Lost my Phone

The number 1 security concern with BYOD connecting to enterprise networks is loss or theft of those devices. Foreground Security, a consulting firm, reports that 47% of employees have no passcode for their mobile phones. Malicious individuals will have access to any enterprise data stored on the device and possibly even to data stored on enterprise servers.

IT departments need to put in place, and enforce, strong password policies for every mobile device. Further, you should also consider creating password access to apps or browser access points into SharePoint, auto-wiping content after a series of unsuccessful tries, and setting up the ability to remotely wipe content from the device.

2. Authentication

On the topic of remotely wiping content, controlling access to SharePoint content on mobile devices is key. To protect sensitive corporate information, enterprises need to implement more fine-grained security mechanisms and access control policies within the centralized or cloud-based SharePoint systems. IT departments need to pay attention to authorization policies that know who is accessing information and what type of data they are accessing, as well as what time of day, from what location and over what type of connection.

To achieve this, there needs to be proper site governance of both the content and structure of the SharePoint site. Note that this goes both ways, so that content that is created and changed on mobile devices needs to follow the same set of authorization policies as content on the SharePoint site.

The good news is that SharePoint, Microsoft Outlook and Windows file server provide integration with identity providers like Active Directory Federation Services to enforce fine-grained policies on what types of information users are permitted to view and access, even to the point of the specific device the user is connecting with.

Also note, for compliance with some of the more rigorous standards like HIPAA and SOX, enterprises need to go beyond access controls and encryption. To comply with these rigorous standards they need to implement logging and auditing to provide a trail of where the content is and has been.

3. Containerization

At the recent Gartner Security and Risk Management Summit, analyst Eric Maiwald commented: “BYOD means my phone, my tablet, my pictures, my music – it’s all about the user.” We could add to that: my confidential documents, my customer lists, my company financials, my bids and my patent information, and we have the full picture.

Separating corporate and personal data can be a thorny problem. One solution is containerization, and this topic deserves an article all on its own. For the purpose of this article, we’re just making a note of its advantage. There are many choices of technologies for separating out and managing corporate email, applications and data. Just beware when making your choice, though: you’ll often need to use the vendor’s API and SDK to link customized apps to the container.

4. Jailbroken Devices

It’s no joke when a jail-broken iOS device appears on your corporate network. These devices pose a serious security risk. Worst case scenario is that malware can be introduced to your network through the use of unauthorized apps, and many jailbroken iOS devices also install a secure shell server that remote attackers can exploit.

Many MDM solutions are able to detect jail-broken devices, but don’t rely on your container solution to do this on its own. According to Gartner analyst Eric Maiwald: “If you have a rooted device, a container will not protect you.” You’ll need a multi-layered approach to jail-breaking, starting with educating employees about the risks and implications of jail-breaking their devices.

5. Malicious Apps or Hackers

What if a malicious app or person tries to access corporate documents? It has to be about the security settings you ensure all employees set on their device. For iOS devices, for example, encrypting vital information and users’ SharePoint credentials with hardware encryption and then storing them in the device’s Keychain will protect sensitive data. You’ll also want to pay attention to rogue apps that use the iPad’s screen capture capabilities, detect any modifications made to the .plist files on the iPad, and check whether content is backed up on iTunes.

6. Preventing Information from Being Shared Externally

Employees often need to share documents with customers and partners, and this does create security issues for IT departments. The biggest issue is when employees send a document as an attachment to an email. Once that happens you lose the thread of who is sharing the document with whom, and there is no knowing who the customer then may share it with.

One solution is to offer the option to email documents as links in SharePoint. This adds extra security as the recipient must have the required SharePoint credentials to access the link and you can set authorization policies around the retrieval of said document.

7. User Interface

On the flip side of enterprise-wide security, we have ease of use for the individual. It goes without saying that if users cannot access SharePoint on their mobile devices or if they cannot access SharePoint content the way they would like to with an easy to use interface, they will look to alternate solutions for collaborating with colleagues and customers.

Out of the box, SharePoint 2013 has paid attention to the mobile experience with four browser-based experiences and the HTML-5-based contemporary view option, as well as the ability to design your own view based on your organization’s usability requirements. Your ability to choose the experiences, though, depends on a number of factors, including the devices you have and the type of site you are trying to enable.

There are also a number of third-party solutions that cater to a wide range of devices to ensure employees adopt SharePoint for their mobile experience. Just note that the user experience is paramount to the success of your deployment, and it starts with the user interface.

8. Working with Documents Offline

Field workers, sales professionals, external auditors are just some examples of employees who spend a large portion of their working days away from the office. To work efficiently, they will need offline access to email content stored in SharePoint. You’ll need a solution that allows users to selectively cache their SharePoint content to give them instant access to remain productive on the road or in the field.

There you have it. My hit list of measures you need to consider for successfully deploying a BYOD strategy in SharePoint.

Why Rogue IT is Changing the Way We Do Business

 

Editor’s note: Follow contributor Mark Fidelman @markfidelman

A security team at a large non-profit heard there were a bunch of people using Dropbox without authorization and their files had recently been hacked, so they made a call to Dropbox. Without authenticating their identity, Dropbox offered the list of 1600 user names and their email addresses. “The Dropbox guys wanted to get them moved to the enterprise version so much they were willing to share a customer list without even authenticating the folks on the phone!”

It gets worse.

A pharmaceutical company in the middle of a six-week drug test to secure FDA approval suddenly saw a tech-savvy group’s rogue IT missteps corrupt their data, destroying the test and ultimately costing $500 million in lost revenue.

Rogue IT horror stories like these are happening all the time. Whether dealing with super tech savvy employees seeking simple solutions, or tech challenged folks using whatever consumer app is readily available, either employee scenario can be the stuff of IT nightmares.

Are these people just terrible employees? No, they’re part of today’s increasingly mobile workforce, and they need better options when it comes to working on the go. Without consistent, easy to use productivity and collaboration options, most opt to use unsanctioned services like Dropbox or Google Docs, causing financial consequences as well as data loss, unintentional data leaks, reputational damage and full company shutdowns for days or weeks as they scramble to resolve these issues.

And it’s not only businesses that suffer – employees feel Enterprise IT pains as well. Can you imagine being fired for that instant message you just sent? Well, you certainly could be if you’re sharing sensitive customer data (including credit cards and bank routing details) across consumer IM networks, like MSN Messenger, Yahoo and AOL (true story). You didn’t know it was that serious of an offense? Well, THAT is part of the problem.

The disconnect between business users and Enterprise IT is multi-faceted. If it continues to grow unchecked, and if employees can’t be convinced to drop Dropbox and other unsafe services like it in favor of simple-to-use, safe, company-sanctioned alternatives, these problems are just the beginning.

My client harmon.ie is hosting a Rogue IT Horror Story contest that seeks to draw attention to these risks, by highlighting what happens when organizations don’t keep pace with employees’ needs and said employees “go rogue.”

We want to know your story. You will remain anonymous so that we can better understand why it’s happening and how to help IT and employees come to a better solution. Submit yours by this Friday, October 18th, for the chance to win a free pass to SharePoint Conference 2014 or a Samsung Galaxy 4. Again, all submissions are anonymous and will be judged by a panel of mobile enterprise, security and IT experts, including Christian Buckley, Bob Egan, Michael Krigsman, Maribel Lopez, Nicholas McQuire and Benjamin Robbins, together with the IT community.

The best (worst) stories will be announced on All Hallow’s Eve.

Why Do People Hate SharePoint?

 

Editor’s note: Contributor David Lavenda is Vice President of Product Strategy at harmon.ie. Follow him @dlavenda

During the third week of November 2012, Microsoft hosted its annual SharePoint conference, an extravaganza of everything and anything that has to do with SharePoint, at the Mandalay Bay Hotel in Las Vegas. The conference crowd was an avid and passionate group of SharePoint boosters and the buzz around the show was electrifying. People who recently spent their vacation there might jump to the conclusion that everyone LOVES SharePoint.

However, working with customers all over the world, we often hear the opposite opinion about SharePoint. Typical business users don’t love SharePoint; when forced to use it, many will openly admit their aversion to it. Why’s that? Here is a list of common reasons why people hate SharePoint:

  1. Deployment time takes too long – According to a Forrester survey over 40% of respondents reported that deployments ran over the allotted time and approximately 60% of these respondents claimed it was due to technical difficulties. Delays in IT projects such as SharePoint deployments can cause organizations to lose valuable time and money.
  2. SharePoint can’t be used “out-of-the-box” – Organizations learn that it is very hard to use SharePoint “as is.” They quickly discover that third-party tools are needed to augment SharePoint to address their business requirements. According to AIIM, the biggest on-going technical issue with SharePoint implementation is governance, specifically the management of metadata and taxonomies, and over 54% of organizations are either using or planning to use a third-party add-on product.
  3. “The proverbial Swiss army knife solution to every content” – From document management, project management, blog, wiki and even corporate intranet, SharePoint promises to deliver on a wide variety of needs, yet the end result is often “nothing more than a landfill for documents.”
  4. Poor user experience – In a Forrester survey, when enterprises were asked “In what way is SharePoint not meeting your expectations?” over 30% said that their users don’t like the SharePoint experience. 30% said that their end users prefer other tools such as email. This isn’t surprising since typical business users revert to their original business workflow once they encounter difficulties with a newly introduced platform.
  5. Poor mobile device access to SharePoint – In a study done by AIIM, 90% of survey respondents expressed some level of dissatisfaction with SharePoint’s mobile device access. Business users want to stay productive in the office or on the go.

What Does This Mean?

How can we reconcile these reactions to the tremendous value that SharePoint brings to organizations and to its almost universal deployment? The underlying root cause of people’s dissatisfaction with SharePoint stems from poor preparation and unrealistic expectations about what SharePoint provides ‘out of the box.’

To ensure a successful SharePoint implementation and happy users, employ the following ‘tried and true’ strategies:

  1. Create a well-defined deployment process that takes into account the needs of not only tech-savvy IT people, but also your typical business users.
  2. Make sure your project focuses on a business solution and addresses the business users’ needs, such as making it easy to access SharePoint from the office and also when on the road.
  3. Integrate SharePoint into the typical business users’ everyday workflows.
  4. Follow Gartner’s advice and look to third-party tools to plug functional deficiencies in SharePoint.

Following those 4 guidelines will ensure that even the harshest of critics will fall in love with SharePoint.


Course Summary of TrainSignal’s Course “SharePoint Server 2013 Administration” – Part 4

 

Editor’s note: Contributor Stephan Onisick is a Senior Software Developer for HP specializing in SharePoint Portal Applications. Follow him @StephanOnisick

Lesson 11: Configuring Email for SharePoint

This lesson goes much deeper than this author wishes to pursue and probably deeper than most “Newbies” will wade into. This section is more suited for the “Super” or Advanced Admin Types.

[Image: Looks Innocent Enough?]

Bill configures Incoming and Outgoing Email for the Servers. Also he sets up an SMTP Server as well as configuring the Exchange Settings in Exchange.

He starts the lesson by Adding the SPContacts Organizational Unit in Active Directory and goes through the Delegation Control Wizard to add the Central Administration App Pool account. His objective is to be able to create and delete child objects. This gives the Administrator delete subtree permissions for the account.

Next, Bill goes into Active Directory “Advanced Features” to for SPContacts. His purpose is to give the SPFarm account permission to delete subtrees.

He then goes back to the Domain Controller and configures the SMTP App:

[Image: Adding the SMTP Server Role]

After installing, Bill restarts IIS and begins to configure the various properties:

[Image: Setting Properties on SMTP Server]

The rest of the lesson gets blurry for an Exchange-Challenged Author. Bill Opens the Exchange Management Shell to run a PowerShell Script to get the Exchange Virtual Directory Path: http://gmexc-13.globomantics.com/ecp.

Next he uses the URL to access the Outlook Web App (Exchange 2013 Admin Center). After signing in, in Exchange he configures Send Connectors for Incoming Email and Receive Connectors for Outgoing Emails.

[Image: Mail Flow Receiver]

After this Exchange Excursion, configuring the Input and Output and attaching it to Lists is a piece of cake.

(This Lesson is not for the faint of heart!)

Lesson 12: Working With Sites

Much of this and the next lesson are user interface. It’s good knowledge to have and the review doesn’t hurt—but I won’t classify it as strictly “Administrator”.

Here’s an example of “Adding an App”:

[Image: Adding An App]

(Hopefully, by now you’ve drunk the SharePoint 2013 Kool-Aid and realize everything’s an App. It’s what God created on the eighth day!)

Lesson 13: Create Libraries, Lists, and Tasks

Much of this lesson is also User Interface Stuff: a good review but not necessarily Admin Stuff.

That being said I really learned some stuff about the relationship of Task Lists to Time Lines, Predecessor Tasks, Pert Charts and Calendars:

[Image: Task Lists and Timelines]

[Image: Tasks on Calendar]

(I was obviously surprised and delighted about the strong Microsoft Project-like analysis that can be performed in Out-of-the-Box SharePoint. My advice—if you’ve been around SharePoint 2013 somewhat, just skip to the “Create Tasks” segment of this lesson.)

Lesson 14: Working with My Sites

This lesson has more relevancy to me for administration. My Sites has complex ties to the User Profile Services, Active Directory and can be connected to the user’s tasks on any site collection.

Bill graciously creates most of his users’ My Sites webs. Then he walks us through the creation of Heather Ackerman’s My Sites web. Bill shows the Active Directory connections in the data that gets populated:

[Image: Heather’s My Sites with Active Directory Data for People followed]

Next, Bill signs in as himself and goes to his My Sites. He shows how to follow other people through the interface. He shows how to add a blog and other Apps to his My Sites. He, then, elaborates on the ability to see your tasks from the My Sites:

[Image: Bill assigned Tasks as seen on his My Sites]

Bill further demonstrates the capability of SharePoint 2013 My Sites to follow other sites. He does this by going to a site and commenting on a newsfeed. Then, he selects to follow that site. This means he will now receive information from the newsfeed on his My Sites.

Then, Bill proceeds to follow a document on a SharePoint site. Next he shows the list that he is following and shows how the My Sites software picked up all his activities and listed them on his activities page:

[Image: Notorious Bill’s Activities]

He also shows the documents that he is following. Next he notes that if someone changes one of the documents he is following, his newsfeed will be updated with that activity.

(I don’t know about you but I’m sold –Sign me Up for My Sites!)

Lesson 15: Configure the Office Web Apps Server

Bill first explains that the Office Web App Server allows for the viewing of Word, PowerPoint, One-Note and Excel in a Browser. Also this is a server product that runs on its own server. This can be installed on one or many servers on your farm—but your farm must use Claims Authentication. Office Web Apps supports viewing on multiple platforms such as Macs, Tablets, Slates, Smart Phone and other browser-enabled phones.

He further notes the Office Web App Server is very limited as to what other software can be installed such as SQL, LINQ or Microsoft Office Desktop Applications or Web Services using ports 80 or 443.

First he downloads the app from http://ITtra.in/downloadWepApp. He next configures the Server with specific roles. He points out additional downloads for Server 2008 as opposed to Server 2012: http://ITtra.in/ServerRoles

[Image: Server Roles and Features]

After configuring the Server, Bill installs the downloaded Application. Next he creates the Office Web App through PowerShell Command:

New-OfficeWebAppsFarm -InternalURL http://gmowa.globomantics.com -AllowHttp -EditingEnabled

(All one line—for Bill’s Server)

Next he checks if the Office Web App Server has been created by typing the URL into a browser to check the discovery: http://gmowa.globomantics.com/hosting/discovery

As luck would have it, we have a Web App Server.

At this point, Bill switches to the SharePoint Server and proceeds to use the SharePoint Management Shell (PowerShell). Next he creates the binding from SharePoint to the Office Web App Server. After a series of PowerShell commands it’s soup. He creates the bindings and switches the service from https to http. Finally he has to change the OAuth to check over http as well.

Now all is well in Bill Land:

[Image: Note the Option to Edit in Excel Web App]

(Note the user no longer has to have Excel on his desktop to edit the App. Not all features are—but most are available.)
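The lesson's lab runs Office Web Apps over plain HTTP, which also means allowing OAuth tokens over HTTP. The following is an added example, not commands from the course or from this author, showing how to check a SharePoint 2013 farm for those lab settings and rebind over HTTPS. Names in angle brackets are placeholders, and it assumes the SharePoint web applications are themselves served over HTTPS and a server certificate is already installed on the Office Web Apps server.

```powershell
# Added example; placeholders in <angle brackets> are assumptions, not values from the course.
# Part 1 runs on the Office Web Apps server. Parts 2 and 3 run in the
# SharePoint 2013 Management Shell on a SharePoint server.

# --- 1. Office Web Apps server: publish the farm over HTTPS instead of -AllowHttp ---
# <CertificateFriendlyName> is the friendly name of a certificate in the
# local machine store of the Office Web Apps server.
New-OfficeWebAppsFarm -InternalUrl "https://<OfficeWebAppsServer>" `
    -CertificateName "<CertificateFriendlyName>" -EditingEnabled

# --- 2. SharePoint server: look for leftovers of an HTTP lab configuration ---
$zone = Get-SPWOPIZone                      # "internal-http" or "external-http" means unencrypted WOPI traffic
$sts  = Get-SPSecurityTokenServiceConfig    # farm-wide security token service settings
"WOPI zone:       $zone"
"OAuth over HTTP: $($sts.AllowOAuthOverHttp)"

# --- 3. SharePoint server: rebind over HTTPS and stop accepting OAuth over HTTP ---
if ($zone -like "*-http" -or $sts.AllowOAuthOverHttp) {
    # Drop the HTTP bindings created with -AllowHTTP
    Remove-SPWOPIBinding -All:$true -Confirm:$false

    # Without -AllowHTTP the binding is created for HTTPS
    New-SPWOPIBinding -ServerName "<OfficeWebAppsServer>"
    Set-SPWOPIZone -Zone "internal-https"

    # OAuth tokens are bearer credentials; keep them off unencrypted channels
    $sts.AllowOAuthOverHttp = $false
    $sts.Update()
}
```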

What Could be Enhanced for the Future

This course is stellar and really pushes the envelope for SharePoint 2013. Seriously, if you skip any one section of this article, you can safely miss this section without loss—I love this course.

But being a critic and writer, I’m listing a few things for TrainSignal to consider as they spiral upward under the PluralSight banner:

  • A Pre-Test and Post-Test Assessment would be welcome.
  • Downloads were by lesson and include a voice recording as well as a PDF.
    • A single download would be preferable.
    • It would be nice if the voice downloads were optional. They are really time-consuming and not everyone will use them.
    • The PDFs were not labeled and did not contain all the screens.
      (Hint: Hire someone who can document courses better—gee I think I know someone! :-) )
    • The Progress on the Overall Course is visible but a way to see the uncompleted sections would be of added value to user.

Conclusion: Summary and Forward SharePointing Direction

Great Course! How can you help but learn? Real Practical Applications with real problems that are encountered. Kudos to Bill Kulterman. 5 Star!

Also remember when this course came out, there weren’t many SharePoint 2013 Administration courses on the Net.

My aim was to provide a thorough feel for the content Bill taught. Also having taught college for four years, I try to add to the pool of knowledge. I would hope that this could also add to your TrainSignal Course Experience.

(So Many Screens to Document–So Little Time!)

Happy SharePoint 2013ing
Stephan

HIPAA Compliance and Office 365

 

Editor’s note: Contributor Mike Fleck is Co-founder of CipherPoint Software, Inc. Follow him @mfleckca

Healthcare organizations have to share patient information but they also have to keep that information private. The two requirements are in direct conflict. Add the Cloud and things get really “interesting!”

Cloudy with a chance of breach

Everyone wants to move to the cloud – especially for file sharing use cases. For larger healthcare organizations the motivation to move to the Cloud is often to consolidate enterprise users to a common platform (as opposed to the scattershot “shadow IT” approach that exists today). Smaller companies often just want to get off servers. Regardless of why HIPAA covered entities are moving to the Cloud or how big those entities are, the reality is they have patient privacy and security needs beyond what Office 365 and other platforms provide. When it comes to HIPAA covered entities, Microsoft’s Office 365 is better than most (more on that later), but organizations need to approach Cloud adoption with a clear understanding of what the hosting provider can do from a security standpoint and what the end-user organization is responsible for. The scary thing is that users are adopting Cloud file sharing platforms far in advance of the enterprise actually being able to manage the risk of a breach of patient information associated with those platforms.

Carry a big stick

When the Obama Administration included patient privacy enforcement in the HITECH Act, many of us in the privacy business noted that HIPAA finally got some “teeth.” The HITECH Act and other related changes resulted in very impactful provisions relative to breaches of patient data, including:

  • The establishment of fines for losing unsecured electronic patient healthcare information
  • The notion of shared risk for companies that provide services (aka Business Associates) to a HIPAA covered entity.
  • The use of data at rest encryption as a form of safe harbor from the breach notification requirements

The Haves and the Have Nots

In the first paragraph I mentioned that Office 365 is better than most offerings. The reason I say this is because of what’s called a Business Associate Agreement (BAA). A HIPAA Business Associate (BA) is any organization that provides services to a HIPAA covered entity that traffic in patient information. A BAA is an agreement that a Business Associate signs to share risk of a breach of patient information relative to the BA’s services. SaaS and other Cloud providers are clearly delineated into two camps: those that will sign BAAs and those that won’t. Microsoft will sign a BAA. Google, Dropbox and many others will not. This dynamic is wreaking havoc with organizations that have patient information. At best they can get existing providers to sign a BAA. At worst, they have to track down rogue usage of services like Dropbox and threaten employees with serious consequences.

Common Threads

In the past several months we’ve talked to a lot of enterprise security leaders in the healthcare space about their patient privacy needs relative to Office 365. They tell us that they do not want to be in the business of controlling who can collaborate with whom but they do need to get a level of central control over patient privacy. These healthcare providers, payers, and other covered entities need to identify patient information in Office 365, encrypt that information at rest (to get Safe Harbor), and track who accesses it. Microsoft’s willingness to sign a BAA just means that Office 365 is on the short list of options. These healthcare systems and other organizations recognize that they, not Microsoft, are responsible for how the enterprise users consume Office 365.

Don’t rock the boat

The reality is there are collaboration platforms built explicitly for regulated or high security use cases. The problems with these platforms are that they are much more expensive than Office 365 and, maybe more important, users don’t want to adopt them. The right way to approach the problem is to make the platforms like Office 365 secure for patient information.

Securing Office 365 so that you can safely store patient information on the platform translates to encrypting the data, applying access controls, and auditing access to the data. With these three technical security controls in place, you’ll be in good shape to prove to auditors that you’re protecting your ePHI as required by HIPAA security requirements.

Data Encryption in a Post-PRISM Cloud

 

Editor’s note: Contributor Mike Fleck is Co-founder of CipherPoint Software, Inc. Follow him @mfleckca

The recent exposure of PRISM and the role that Cloud providers played in that program changes how businesses need to think about Cloud data encryption. These conclusions reduce to two bullet points:

  1. Implicitly trusting your Cloud provider is not a wise move when it comes to storing your sensitive and confidential data in the Cloud. Enterprises must maintain strict control of their information even while it resides and is consumed in the Cloud.
  2. Highly sophisticated organizations want your data. Enterprises need to adopt Cloud data encryption technologies that follow encryption and key management best practices.

Maintain Control

The Cloud provides great economies of scale for both the consumer of the Cloud service and the provider. For example, Microsoft, Google, and Amazon can buy more and better security technologies because they can split their cost-basis across a huge customer base.

The security challenge, then, relates to maintaining control of your information. As someone in one of my recent presentations said, “once you put your data in the Cloud it becomes the property of your Cloud provider who allows you the right to access it for a monthly fee.” With non-commodity Cloud offerings, enterprises can put the Cloud provider through months of due diligence and contract negotiations. That approach doesn’t work with offerings like Office 365 and the like. The best way to maintain control of your data is to encrypt it before it hits the Cloud and then maintain physical ownership of both the data encryption keys and the encryption/decryption functions.

Leave Encryption to the Professionals

While the US Government is the focus of attention these days (for obvious reasons) don’t forget that there are other nations trying to peek at your Cloud data. Like any other group of competitive organizations, if one is doing it the others are, too. This means that your organization is likely to face determined attackers with plenty of resources.

Here are some top concerns when it comes to the landscape of Cloud data encryption vendors:

  1. Proprietary Encryption Algorithms are the one thing that you never, ever want to use. If an encryption algorithm hasn’t been created, vetted, and accepted on a global academic and government scale then don’t use it. Period.
  2. Usability at the cost of security is an approach that vendors take when they don’t have the expertise and experience to devise a Cloud data encryption system that is both secure and usable. There will, of course, always be an impact to usability for securing your data but remember the first bullet. Cutting corners is as good as doing nothing at all.
  3. Encryption and key management require a pedigree. Encryption and key management are highly specialized disciplines. Few organizations have the talent and experience necessary to make encryption and key management both secure and usable. There are a lot of moving pieces like Initialization Vectors, sources for random numbers, encryption key storage, key rotation, and key expiration, just to name a few. We’ve touched on this topic in a previous blog post.

Course Summary of TrainSignal’s Course “SharePoint Server 2013 Administration” – Part 2

Editor’s note: Contributor Stephan Onisick is a Senior Software Developer for HP specializing in SharePoint Portal Applications. Follow him @StephanOnisick

Lesson 3: Installing SharePoint

Bill starts Lesson 3 by explaining SharePoint Server Roles – basically, this hasn’t changed in the big picture: there is a Web Server, an Application Server and a Database Server.

Next he goes into Server or Server Farm Topologies and explains a Single Server or Stand-Alone Deployment.

(I actually have a disagreement with Bill in that there is a difference between a Stand-Alone Install and a Single-Server Farm Install. What he is referring to in this example is a Stand-Alone Install.

The Single-Server Farm Install is scalable where the Stand-Alone Install is not. The Single-Server Farm is actually a Farm install on one actual physical server but is configured as a farm. I have been doing this install for all my development systems. Bill uses the term Stand-Alone later when he shows a Single-Server. This was vetted with Chirag Mehta, a friend on SharePoint-Community.net.)

Next he starts the basic install. After the Install completes, Bill chooses the option to run the SharePoint Products Configuration Wizard when it comes up and of course, we want to run it.

Even though Bill hasn’t used the terms “Grey Wizard” and “White Wizard” to refer to the SharePoint Products Configuration Wizard and the Central Admin’s Farm Configuration Wizard, I will be using this terminology as the terms are useful for pointing out some specific scenarios in Bill’s installation. The background of the next screens is grey, hence “Grey Wizard”:

[Screenshot: Mysterious "Grey Wizard" or SharePoint Products Configuration Wizard]

After this configuration wizard finishes, Bill launches into the “White Wizard” or the Central Admin Farm Configuration Wizard:

[Screenshot: Screen to Initiate the "White Wizard"]

(At this point many people, including me, are yelling “Please Bill don’t do the configuration with the wizard!!” Alas, all to no avail. Bill even notes these sentiments. There are other ways to go through and configure farm services via PowerShell Scripts. But there is method to Bill’s going this route; basically, this course is an intro to SharePoint Administration on 2013.

Actually this is not as bad as it seems: Bill’s methodology with the major services, like “Search” and “User Profile Administration”, is to initially delete the configured service; then, to reconfigure them.

His simple actions give the student confidence to do the same. This is exactly how I finally got my Profile Administration Services for SharePoint 2013 launched.)

[Screenshot: Much Maligned "White Wizard"]

Bill does a good job in explaining the basic services and deselecting the ones for a more advanced session.

(Note: Bill actually restarts the installation from before the “White Wizard” was run in the next lesson, so that he can go through the wizard again. This means that the majority of services and databases just created will go “bye-bye” and be recreated in the next lesson.)

Lesson 4: Farm Configuration

At this point, Bill takes a step back. He actually picks up from before the “White Wizard” ran, just to see if everyone was awake. (I failed twice.) Some of the services and databases that we configured in the last lesson are gone.

He notes that there is only one Web Application present and that is for “SharePoint Central Administration v4” and then examines the IIS Manager and the SharePoint Central Administration Website.

Next, after initiating the Farm Wizard, Bill sets up the “SPSvc” service account (the Services Account) in Configure Managed Accounts, so that an account other than the Farm Account is used. Bill also spends time discussing password synchronization and how to use the Register Managed Account screen to see what services are being run by which account.

After the end of the Farm Configuration Wizard, he creates the “Globomantics Main” Site Collection as a Team Site.

Then Bill shows, under Configure Managed Accounts, the services being managed by SPSvc after the Farm Configuration Wizard has been run:

[Screenshot: Register Managed Account after Configuration]

(Get any 10 Administrators in a room and there will be 10 ways of doing permissions. This screen under Managed Accounts is helpful to find out who actually has what.)

Finally Bill views the Site Collection in Central Admin and from the URL he opens the site created – you know, the Standard Blue and White SharePoint 2013 “Hello World” Screen. Bill concludes the lesson by showing the new databases created by the “White Wizard”:

[Screenshot: Databases – Surprise! Now you see ’em again. Note the ugly database names!]

(Note: When the databases are created by the Farm Configuration Wizard, the wizard tacks an ugly GUID onto the end of the name.)

Lesson 5: The Logical Architecture of SharePoint

If you’ve been doing SharePoint for any length of time, this was a “snooze puppy”.

[Screenshot: Logical Structure of SharePoint]

If you have knowledge of what the following terms are: a Farm, a Web Application, an App Pool, a Site Collection and a Site/Web — feel free to move to Lesson 6. If you are really new to SharePoint, the lesson is a good overview.

Lesson 6: Creating Web Applications

Bill walks through the creation of two web sites: the Globomantics Intranet Site and the Globomantics My Sites. But first he examines the Health Monitor. He notes that most of the warnings are because the installation is not complete.

Next he registers SPAdmin, the install account, for the security account of the App Pool he is about to create in the new Web Application. Then he creates the new Web Application from Central Admin:

[Screenshot: Creating a Web Application]

Bill provides a good explanation of Host Headers, which are needed to give descriptive and unique web directories for applications in IIS.

Next he fills in the information in the Create New Web Application Page so that a new App Pool will be built when the web application is created:

[Screenshot: Basic Creation Screen – Bill will change the ugly database name]

(Note: See the ugly name for the Database Name with the long GUID. This gets renamed to “Globomantic_Intranet” (Yeah Bill!) to make it more understandable and easier to locate.)

Next Bill explains the concepts of Service Application Connections:

[Screenshot: Web Application Services Hookup]

He explains the use of a “Custom Connection Group” when not all default services need to be associated with a particular web application. This might be a web app to do some specific set of tasks.

After creating the Application, Bill is not yet ready to create the Site Collections, so he moves on to create the My Sites Web Application. Basically this is a “Rinse and Repeat” of the first Application created.

Next Bill configures the DNS on the Domain Controller:

[Screenshot: Configuring Domain Controller to Configure DNS – Go Bill Go!]

(To me this is where Bill really excels doing off-roading. These little side trips can, and do, cost technical people complete days of searching and Googling because not everyone doing these tasks has mastery of all the disciplines involved.)

Next Bill creates a new Host Record in DNS for our Globomantics Intranet Sites (the site will not be accessed from the outside, so only one record is needed to locate the site internally.)

Bill creates another Host Header for the My Sites App, then briefly reviews the IIS Configuration.

Course Summary of TrainSignal’s Course “SharePoint Server 2013 Administration” – Part 1

Editor’s note: Contributor Stephan Onisick is a Senior Software Developer for HP specializing in SharePoint Portal Applications. Follow him @StephanOnisick

When I noticed the affiliation between my favorite site, SharePoint-Community.net, and TrainSignal.com, I immediately made contact with TrainSignal and proposed some course reviews. Being closer to the “Suma Come Later” crowd than the “Technology Bleeding Edge” crowd, I wanted to offer my perspective and insight as a kind of compendium or adjunct to some of the SharePoint Courses.

The YouTube offerings from TrainSignal were top notch and I couldn’t wait to partake in their course offerings. As part of my review arrangement, I have access to their courses for the next year (Awesome!).

My choice of “SharePoint Server 2013 Administration” was deliberate. My normal role as developer had been altered to configure some SharePoint 2013 virtual machines for our test environment. To say I was challenged was an understatement. I was only peripherally familiar with Active Directory, DNS, Server Manager, Firewalls and Domain Controllers. I was looking for a good introduction without too many assumptions of prerequisites.

Being a member of Pluralsight.com, LearnDevNow.com and Safari Online, I had actively been looking for SharePoint 2013 Administration Courses and couldn’t find one. TrainSignal’s course fit the ticket exactly. (Soon to be part of PluralSight.com for a mere 27 million!)

To be fair, I know SharePoint-Videos.com has an offering—but I was not a member and did not want to outlay cash. Also, PluralSight.com has sixty-five SharePoint Courses with approximately seventeen SharePoint 2013 courses—but none, at this time, were specifically designed to be an administration guide to SharePoint 2013—much less for a “Newbie Admin”.

This course was specifically designed for the first-time admin—but there are also pointers for the seasoned veteran that might just be new to SharePoint 2013.

[Screenshot: Train Signal Opening Menu]

[Screenshot: Course Menu – User Profile Service (Most Awesome Module) Circled]

My tale gets even more woeful: I had been trying for three weeks to resolve “User Profile Administration” in Central Admin of a SharePoint 2013 development installation. I just wanted the User Profile Service to pick up my test users from Active Directory. Not surprisingly, when I got access to the course, I immediately opened the Lesson 10 on “User Profile Service Administration”.

What I found in that lesson was a Godsend! After watching the Lesson about twice and following Bill Kulterman’s instructions, my Profile Service was up and running and I successfully imported my Test Active Directory users. (There was life after User Profile Service Administration!)

[Image: Reticent Programmer]

Bill had impressed me with his friendliness so much so that I’d even buy a used car from him?

[Image: Bill Kulterman: My Hero!]

(I just found this YouTube Video Bill made if you’d like a sample of his congenial style: SharePoint 2013 – Creating a Web Application & Site Collection – YouTube)

What I specifically liked about the way Bill taught was that he navigates you into the problems that you WILL encounter and is friendlier than Microsoft Documentation at solving them.

My methodology for reviewing this course will be to give my impressions and point out the salient features in the lessons. I also provide a decent running dialogue of what’s being covered.
(Note: By my guesstimate, Bill goes through at least 500 screens in this course; I have tried to include a representative sampling.)

Lesson 1: Getting Started with SharePoint

The Intro was the basic “Hi and Howdy” spiel—necessary, but just enough to move you on.

Lesson 2: Preparing for the SharePoint Install

Bill begins to get into “red meat” with Lesson 2. What most SharePoint Administrators know is that doing SharePoint involves a lot of off-roading. There are a number of components that go into a SharePoint Installation, such as Configuring Service Accounts in Active Directory, Setup of SQL Server, and Firewall Configuration.

I especially like his preparation of the Accounts in Active Directory to set up the accounts for the permission management and his use of the “Least Privilege” philosophy:

[Screenshot: Setting up Admin Accounts in Active Directory]

Next he proceeds to the SQL Server Install. SQL Server is the “bread and butter” of SharePoint. It is essential that the Admin have a feeling of how SQL integrates with SharePoint.

One thing that I value in his coverage is the seemingly obscure topics like “Max Degrees of Parallelism”. These obscurities come back to bite you if not set correctly.

Next he covers the actual SharePoint Prerequisites Install—which is part of the Setup download. After a couple of screens and a few reboots, “Bob’s your Uncle” and it’s onward to the SharePoint 2013 Install!

The SCA as a SharePoint Professional



Editor’s note: Contributor Scott Shearer is a SharePoint evangelist and developer with FlexPoint Technology. Follow him @ScottJShearer

It is my opinion that the SharePoint SCA (and, to a lesser extent, the Site Owner) is the most underappreciated person in the SharePoint world. In other words, the SCA gets no respect. Many in the SharePoint world consider the SCA to be no more than a power user with some extra permissions. That perception needs to be changed.

Consider the following list of skills that any good SCA should possess:

  • Knowledge of all list and library types and features
  • Ability to configure lists and libraries
  • Knowledge of managed metadata features and configuration
  • Ability to create custom content types
  • Knowledge of out of the box workflows
  • Ability to create workflows in SharePoint Designer
  • Expert knowledge of the SharePoint Security Model
  • Ability to create scripts using jQuery and JavaScript
  • Ability to configure SharePoint search features at the site level
  • Ability to provide training and demos for end users and management
  • General database knowledge (required to configure BCS)
  • And the list goes on…….

The body of knowledge that a good SCA should possess is significant and unique. It is a different skill set than a SharePoint “server side” or .Net developer, but there is some overlap. It’s also a different skill set than the SharePoint IT Pro – the guys who live in Central Admin. It is a unique IT skillset.

Traditionally, any training or content aimed at the SCA has been placed in the “End User” or “Information Worker” track. “Information workers” are not IT professionals. They use SharePoint as a tool. They know enough about SharePoint to get their jobs done and no more. It is unlikely that an “Information Worker” will possess the skillset outlined above.

Does it seem like a good idea to entrust the security of all your SharePoint sites to an “Information Worker” who happens to be a part time SCA? OK, then how about the IT Pro who lives in Central Admin? They don’t possess the right skill set either. The IT Pro needs to know how to “keep the lights on” – they keep SharePoint running, do backups and other administrative tasks. They don’t really need to know much about running a site collection in order to be a good IT Pro. They don’t need to understand the nuances of configuring lists and libraries. They don’t need to interact with end users (and probably prefer not to) and they don’t need to have an in depth knowledge of the SharePoint security model. Well, since the IT Pro isn’t the right choice, then let’s consider the SharePoint developer. While a SharePoint developer should have a better understanding of what it takes to run a site collection, it just isn’t their job on a daily basis – they write code. They don’t deal with end users. They don’t help create governance plans. They don’t do training and you certainly won’t find a “developer” in SharePoint Designer (at least when someone else is watching).

My experience has been that, while some “Information Workers” are SCAs, most large site collections are run by someone who has the full time job of administering one or more SharePoint site collections. These individuals have invested a significant amount of time and effort in achieving a high level of SharePoint knowledge. They are professionals. Without qualified and motivated SCAs, the chances that a SharePoint deployment will be successful will be dramatically reduced. Poorly planned sites, poorly trained and indoctrinated users and a failure to leverage SharePoint out of the box features don’t add up to a SharePoint success story. An SCA with the skills outlined above can be the difference between success and failure.

There is such a thing as a professional SCA and a legitimate SCA skillset. It’s time for the SharePoint community to recognize the SCA as a SharePoint professional. Toward that end, I would like to make the following suggestions:

  • Microsoft should offer an SCA certification. There is no certification that relates in a meaningful way to the daily duties of an SCA. The only exam that comes close (77-886) is part of the MS Office certification series.
  • Events such as SharePoint Saturdays, user groups and official Microsoft events should start offering an SCA track.
  • Too many times, while attending conferences and SPUG meetings, I have heard the speaker say something to the effect that something is “so easy an SCA can do it”. There needs to be a recognition that the SCA skillset is broad and deep. It takes time and effort to acquire the skills you need to be a good SCA.

Finally, to demonstrate your understanding and recognition of the work that the SCA does, hug your SCA the next time you see them.

Use of a Touch Tablet for SharePoint Planning



Editor’s note: Contributor Ricardo Wilkins is a Solution Architect for Blue Chip Consulting Group. Follow him @ricardo303

As a SharePoint consultant, I’m often involved in whiteboard sessions where some aspect of SharePoint planning is being discussed and documented. This process can be facilitated in many ways, and with many tools, some of which may be more effective than others. As a happy owner of a Surface Pro Windows 8 tablet PC, I’m starting to explore new ways of using it to enhance the value of the consulting that I provide to my clients.

Ruven Gotz (SharePoint MVP and author) has talked and written in detail about how he uses mind mapping tools in SharePoint planning. But with the emergence of more Windows 8 tablets, I thought it would be useful to discuss it as it relates to creating these diagrams on a touch device. Traditionally, OneNote has been my tool of choice for free-hand drawing with my tablet PC pen, but I’m beginning to explore finger-friendly mind-map diagramming software similar to the tools Ruven recommends.

There is certainly a different experience when no mouse is present, and objects are dragged onto a canvas with fingers rather than pointers. It can also be useful to pinch for zooming in and out of the diagram, giving more close-up detail, or getting a birds-eye view. And with the inclusion of a pen, it could be argued that you get the warm-fuzzy feel of writing on a traditional whiteboard with dry-erase markers. The question is, could this new touch-enabled way of diagramming make the planning process a little more dynamic and fluid than traditional whiteboard or keyboard/mouse methods have in the past? And if so, would more of our customers be interested in planning this way?

The following video shows an example of using the Surface Pro tablet PC with Mind Map software to diagram a Content Type planning process. Lemme know what you think, or join the discussion of this topic over at SharePoint Community. Enjoy:

[Video: using the Surface Pro tablet PC with Mind Map software to diagram a Content Type planning process]