Vanity URL Best Practice

What is a vanity URL?

A vanity URL is a URL that can be quickly typed in the URL field of the browser to quickly and directly navigate to an application.

What is a short URL?

Many people send links to a page by copying and pasting a URL of a page. The parameters included in the URL or the folder structure of site with subsites, document libraries, folders and folders inside other folders can create an extremely long URL. A short URL may be used to refer to a page, but the far fewer characters making it easier to remember, easier to copy and paste and avoid links that break when text wraps. Short URLs are encouraged and there are tools to help.

Introduction

To ensure that information is readily available to their customers, vanity URLs are employed as a means of identifying applications . While their use has the potential to improve information accessibility, the creation of vanity URLs can also requires additional resources to setup and manage. If used inappropriately, costs and inefficiency increase. Therefore, this policy will provide guidelines for vanity URL requests that meets the needs of your organization.

Best practices for requesting vanity URLs are as follows:

• Each application that targets the enterprise can have a vanity URL for their application created. The request will then either be entered as a Change Request to SharePoint Governance and then after approval sent to the infrastructure team for implementation.
• Vanity URLs will be requested at the time they are needed. Vanity URLs that are not used will be removed/dropped. You should not reserve a group of vanity URLs for future use.
• Each organization will be provided one vanity URL. An organization can request an additional vanity URL and the request will be balanced by Business Needs and benefits compared to the administrative overhead. These are most likely to be used for their primary site collection. For example:

o   <ORG NAME>.corporate.com

o   <ORG NAME>.corporate.com

• Each application will receive one vanity URL. The URL will resolve to the Home Page and the developer can place links on the Home Page to sub-applications. For example, if you built an application called “BEATS” you can request a vanity URL of BEATS.CORPORATE.COM. The application might have a training web site to support the application. The site will navigate to these sub-sites with internal application navigation. We will not build additional vanity URLs like:

o   BEATSTRAINING. CORPORATE.COM

o   BEATSSUPPORT. CORPORATE.COM

o   BEATSFAQ. CORPORATE.COM

o   BEATSHELP. CORPORATE.COM

• Each organization must have s disposition plan for the vanity URL. The disposition plan should consider the end-of-life or the application or migrations required by the application.
• Each year, owners of vanity URLs must review their vanity URLs and ask for removal of vanity URLs whose purpose is no longer needed.

SharePoint AppScan Best Practices

SharePoint AppScan Best Practices

1. Consult with your Information Security expert about your security posture and running AppScans.
2. Never run AppScan in the Production environment in SharePoint.
3. AppScan is best targeted in the Staging environment and done before deployment to Production.  It is part of the Certification and Accreditation (C&A) and/or Change Request process at the your organization.  Running the AppScan in Staging will impact performance on the Test environment if they are using the same infrastructure (built on the same farm).
4. AppScan is not recommended to be run in the Test environment.
5. When developing a new application, and you want to do an AppScan to check for security issues before development is complete, do the following:
   ·         Create a new Site Collection in the DEV VM.
   ·         Make a backup of the Site Collection before running the AppScanif there is data you would like to preserve.
   ·         Have the scan run only for the Site Collection in your DEV VM
6. Never run AppScan during regular business hours.  Recommendation is to schedule after business hours, but schedule around SharePoint maintenance windows and automatic maintenance jobs.  AppScan jobs can be scheduled and the security analyst does not need to be physically present when the AppScan is run after hours.
7. Create an account for AppScan and assign the appropriate permissions.
8. Configure the AppScan to stay within the site collection.
9. Warning: AppScans are very resource intensive on Web Front Ends.  Also, if the AppScan has permissions and crawls to a link that performs deletion, it will do so.  It will also attempt to test the blocking of file types.  It will try to upload different file types, to your site collection.
10. Lower the thread count for AppScan to 2
11. If you have problems with certificates, contact the Certificate Authority (CA) for your organization.  If your site uses SSL, the certificates must be signed.
12. To authenticate, you will have to provide a user account and password.  Your SharePoint can be configured for anonymous access or it may require authentication
13. It is best to schedule an AppScan to run after business hours.  Around 8PM will not conflict with backups and other system maintenance.  AppScan has the option to configure and schedule scans.  Check the schedule of maintenance jobs.
14. It is best to run a “crawl without security test” before running the security test.
15. Below is the website for IBM’s AppScan:
    http://www-03.ibm.com/software/products/en/appscan-enterprise
    http://pic.dhe.ibm.com/infocenter/asehelp/v8r8m0/index.jsp

Maintaining Your SharePoint Skills

There are many things I hate about selecting IT for a career, but I would put the constant treadmill of training and re-training at close to the top of the list.  With the release of SharePoint 2013 and the move to Microsoft Online, this presents challenges for the highly skilled SharePoint resource.  First, it looks like InfoPath is gone.  Second, farm solutions are pretty much gone.  Sandboxed solutions are deprecated and may not be supported in the next version.  I remember how the “sandbox” was touted as such an improvement in SharePoint 2010 development model, and now it is going away.  So, here we go again.  Re-tooling for SharePoint.

Because my focus has been on Governance, this is where I have decided to start.  I have diligently worked through several books on Governance.  I am finding as I get to the end of chapters – I already know that.  I especially like all the new documents they recommend and the lack of useful examples and templates.  Do we really need more documents?  I especially love books on Governance that give an approach, but don’t provide a Governance Management Plan template because there are already tons of templates out there.  The approach needs to match the template!  The theory sometimes leaves you frustrated, as the client is expecting a Governance Plan deliverable, and you are talking about approaches.  We are using a template provided by Microsoft which has nothing in common with the way we do business.  It is “heavy.”  Remove the white space and it is the same size as our current Governance Management Plan.  Trying to merge documents is too painful.  They are in alternate universes.  The Governance books talk about a “road map.”  This seems to be a good deliverable and should be easy to find from Microsoft.  You start with all the Microsoft products the organization is using and map release dates of the products.  Because SharePoint is central to all this, it would be really nice.  So far, I have not found the information to provide a high-level road map I could use to present to my client, so they can plan, synchronize and de-conflict projects.  Last, there is a lot of talk in Governance of the importance of business and organizational strategies leading SharePoint Governance.  The focus then goes on Service Level Agreements (SLAs) which have more to do with the technical than the business requirements.

After completing my study of Governance, I went on to refreshing skills on HTML5 and learning JavaScript and JQuery.  I am not a programmer, but I did web development a few years back and picking up HTML5 is so far pretty easy.  Next stop, JavaScript and JQuery.  I have also completed a few books on Branding SharePoint and User Experience (UX) and User Interface Design (UI).  I have done several iterations of improving the look and feel of our site, but my client just is not interested or maybe it is not my role on the team (I am Project Manager).  Anyhow, I can’t seem to get any decision to go forward on improving the Home Page and Training site.

I have a few books queued up to review App Model development.  I read Scot Hillier’s book, but it went way over my head.  I am going to do APRESS Beginning Development and then move to the next book in the series.  I am figuring a couple of months there.  I have SharePoint Online, Office Online and Azure setup and ready to go.  Now, I need time and probably a new computer.

We have a few third party tools in our environment, like NINTEX and Lightning Controls Toolkit.  The NINTEX tool is extremely easy and powerful.  I will try to spend some time in this area.

SharePoint is used extensively in Business Intelligence.  I have not spent nearly enough time on Access Services, Excel, and PerformancePoint.  Unfortunately, this will have to wait.  I was a DBA, report writer and BI/DW consultant in a previous IT incarnation and I am sure I could  pick it up quickly in a pinch, but like so many low priority items, I am realistic in thinking it won’t happen or my life is so terrible and miserable cause all I am doing on weekends is SharePoint.

The next area of study I give the schedule completion date as “hell froze over.”  I am a big person on processes and repeatable processes.  I believe in software engineering.  Microsoft recommends Application Life Cycle Management (ALM) and the use of Team Foundation Server (TFS).  I also put in this category Project Server.  Microsoft has integrated Project Server with SharePoint.  I am using Project Server to manage my projects, but never seem to have the time to learn the tool to maximize its potential.  I guess we all can say that about the Microsoft Office Suite.  We need to refresh our skills on these products.

If you notice, there is no SharePoint administration on the list.  I have a suspicion that with just a few organizations moving to Microsoft cloud, there will be many server administrators seeking employment.  Even if your company maintains SharePoint on-premises, the resources coming available will lead to downward pressure if you are not a “rock star.”  I try to stay away from “hair cuts.”

Now, what is the role of certification in my training plan.  My goal is to do one test in the next month and another during the summer.  I am not sure about too much more.  So far, I have not seen a return on investment (ROI) for time and expense.  Since my company requires me to pay back if I leave, I will pay these out-of-pocket.  I never want to leave a company and be presented with a bill on my departure.  I have that t-shirt already.

As I continue to study 16 hours each weekend on SharePoint, I am wondering if this will pay off.  I am not optimistic.

What will come of all the Administrators?

I have seen this story in the past and it did not turn out all to well.  It is happening again, and I expect the same results.  After the dot.com bubble, I went to work for a subsidiary of Siemens.  I worked at the GA400 facility built in an old poultry plan by GA400 and McFarland Parkway.  We had about 75 IT people working at the plant and there were several manufacturing plants across the country with their own IT staff.  In two years, the team was down 8 remaining and then I left.  This happened in each manufacturing plant.  There was a new corporate IT department that was meaner and leaner.  There were real people’s lives impacted by the transition.

Microsoft and several competitors have introduced the “cloud” and we are about to enter a new dramatic reduction in the IT people needed to support IT infrastructures.  It will not be pleasant.

In Memory of Hamoodi

It was my first tour as a contractor in Baghdad, Iraq.  I was working on a Department of State (DoS) contract in 2005-2006.  The project was the Iraqi Justice Integration Project (IJIP) and we were developing a information technology system that would integrate the different stakeholders of the new criminal justice system.  We would work with the police, the courts, the Ministry of Justice, the prisons and social welfare agencies responsible for juvenile justice.  The objective of the program was to develop capacity of Iraqis, including developers of a computer system.  We hired local Iraqis on the team and taught them server administration, systems analysis, software requirements and development.  Hamoodi joined our team in December.  He was such a nice guy and happy-go-lucky.  Adam nick-named him Hamoodi and it stuck.

In May, Hamoodi went to prayers and his body guards were killed.  They took Hamoodi and savagely tortured him endlessly before ruthlessly killing him.  The team was very upset on the news of the death of Hamoodi.  It eventually led to the team falling apart and myself and most of the American contingent of the team being sent home from Iraq.  He was a good man.  We cannot forget there is true evil in the world.

Hamoodi is sitting in the middle of the team.

Enterprise SharePoint 2013 Content Migration and Coordination Project (ECMCP)

With Microsoft SharePoint 2013, the App Model is the new paradigm for building applications.  With SharePoint Online, the infrastructure needs to be hardened and secured.  In the cloud, a developer cannot deploy server-side code.  This means that applications built previously will need to be redeveloped.  For server-side code solutions deployed to the Global Assembly Cache (GAC), they will not be permitted in our on-premise installation complying with Microsoft’s Product Line Architecture (PLA).  Microsoft’s PLA is the infrastructure configuration they use for their own implementation of SharePoint in the cloud.  In SharePoint 2010, a new development model was promoted called a sandbox solution.  It was a combination of code and declarative solutions deployed to the site collection.  It was not deployed to the GAC.  These solutions can be migrated to the SharePoint 2013, but the sandbox is deprecated.  So, we are recommending no new solutions use sand-boxed solutions.  So, you can either redevelop your sandbox solution today or kick the can down the road.  For farm-based solutions, they must be redeveloped.  In addition, Microsoft announced the end-of-life for InfoPath.  For our PLA implementation, we are not allowing the deployment of InfoPath solutions that are full-trust or administratively deployed solutions.  My group’s last solution used code-behind before we acquired NINTEX workflows and forms, so that application will need to be redeveloped.

In the previous upgrade, solutions that used FAB 40 were not going to be upgraded.  After pressure from customers, Microsoft provided customers a way to migrate FAB 40.  FAB 40 consists of site templates, content types, libraries and lists.  Despite the feature being disabled, people were still able to create FAB40 lists.  This time, Microsoft was not going to provide an upgrade path with FAB40.  We had to tell our programs that FAB40 artifacts would have to be removed.  Most of the artifacts were lists or sites people created to discover what it was.  Most of the solutions were half-baked and a starting point.  I prefer not to use them and create my own functionality.  In this case, it turned out to be the good approach.  We spent about a month herding cats to get all the FAB40 artifacts removed.  My recommendation is to remove everything related to FAB40.  WE went through all the sites removing the lists and had to do a second pass to remove other artifacts.  Our server administrator said that we only needed to remove the lists, only to discover when we were done, we had to go back and do the rest.

The next major work for our project is to enable claims-based authentication and not use mixed-mode authentication.  You must upgrade SharePoint 2010 to claims, before you can do a database migration to SharePoint 2013.  Claims-based authentication broke web service calls to the profile service.  We prepared a work around and the SharePoint administrators would not implement the solution.  We recommended that developers open the application in the InfoPath client.  Unfortunately, this does not work with the customizations implemented with InfoPath for Lists.  You create a list and then you customize the form, such as add visual enhancements, remove or hide fields, and add additional text and instructions.  In addition to breaking InfoPath, it breaks some NINTEX workflows.

After enabling claims-based authentication, we performed several trial upgrades to SharePoint 2013 and let developers test their features, solutions and applications.

My next post will cover some summary background on App Model development.  Specifically, the SharePoint hosted, provider hosted, and app hosted.

Is the next inter-generational transfer of wealth going to be disappointing?

The transfer of wealth from one generation to another is an important part of one generation doing successively better than the generation that was before them.  I have not heard must discussion on the topic, and I think there are systemic changes in the economy that could impact not just the baby-boomer generation, but subsequent generations as well.  One of the most interesting aspects of the discussion is long-term commitments and their ability to persist.  First, we know that most expensive medical care happens at the end of life.  In the few days of a person’s life, medical bills can quickly exceed hundreds of thousands of dollars.  In addition to expensive medical care, the last years of life by people in “assisted living” or nursing homes can also consume the wealth accumulated over a life-time of savings.  An assisted living community can easily exceed $60,000 per year and people can live in them a decade or longer.  As the costs of end-of-life increase, the home is used through a financial instrument called a reverse mortgage may leave the next generation with no inheritance.  Nobody wants to talk about the economic impacts of increased life span, so we are likely to meander through political decisions that “kick the can down the road.”

For my generation, I fear the systemic economic changes.  I hear about people wanting to retire early, but do not have sufficient funds to retire with today’s assumptions.  But, tomorrow is likely to change.  We may live longer, I hope.  There will be new medical technology that I can’t even begin to imagine.  There will be new enhancements to automobiles and new technology to replace mobile technologies.  A retired person who is 90 years old remember buying a luxury car for under $16,000.  The price points for cars today can be $45K to $60K. Inflation over 30 years is just plan hard to imagine, never mind plan for.

Another aspect of inter-generational wealth transfer is the impact of education.  It is not uncommon for a good, private education college to charge more than $60K.  The debt for education in the country country exceeds $1 trillion.  In a previous generation, the parents would save for a large part of the costs of education.  Education provided certain positive economic outcomes.  There are two important factors in the explosion of debt on education.  First, the students are taking on most of the debt and not the parents.  The second is the unconscionable growth in the tuition and expenses of a college education.  There has been no restraint on the annual increases in tuition.  We have made poor institutional policy choices.  I have always criticized needs based tuition.  We have encouraged people not to save for college, because we will discount for people who cannot afford it.  Instead of encouraging savings, it has encouraged irresponsible behavior.  Those who save are punished.

The final area that has impacted inter-generational wealth transfer is our retirement planning.  In the 1970’s an obscure long section 401K allowed far additional savings vehicle for self-directed retirement savings.  It was in addition to pension plans and never intended to replace pensions.  Corporations have seized on the obscure tax legislation and today it is the primary savings method for retirement.  It was never intended for this and it has made economic insecurity the condition of my current and future generations.  With increased economic uncertainty, we bear all the risk.  Add the backdrop of meager pay increases for the past couple of decades, the current and future generations will never be compensated for the additional risk we bear.

Beware of the feedlot

I first came up with the concept of “beware of the feedlot” during the dot.com bubble.  It is a variation of the “winner’s curse.”  I was living in Atlanta during the bubble and had just graduated from Georgia Tech.  I had worked a few years in IT and was a participant in several user groups and technology associations.  It was while I was hanging around these entrepreneurs and technology start-ups that I got to see the craziness of funding.  There were angel investors, first round venture capitalists and there were private equity funds.

An young entrepreneur would start his business.  He would realize quickly that he would need an infusion of cash.  He would bring on a partner.  Then they would go a bit longer and then realize that have a really big opportunity.  They would meet some nice people who were lawyers who happened to know other people that would be happy to invest in their business.  After a few steak dinners at Morton’s of Chicago and Ruth Chris’ Steakhouse the entrepreneur would celebrate signing a paper giving the company an infusion of cash of about $2 or $3 million.  He is feeling like he has won the lottery.  He has just entered the feedlot.

The feedlot is where cattle goes before the slaughterhouse.  For a cow, this is as good as it gets in life.  They get to eat as much as they want.  We know what happens next.

Well, the entrepreneur finds out he no longer owns the company and when the investors are unhappy, the entrepreneur can lose everything.  Now he has to keep his investors happy, something he never had to worry about before.  He has lost control.

SharePoint Migration Planning

I work for a US government agency as a contractor.  I work for the organization that is the business sponsor of the project.  My group does not do infrastructure, but facilitates Governance, provides support to Site Collection Administrators and develop applications for the Agency and my particular organization.  I have been working for the organization about 2 years and we are currently upgrading to SharePoint 2013.

The SharePoint infrastructure has many challenges.  We have outages in the middle of the business day and the configuration of the servers is undocumented and rigorous change control and configuration management has not been implemented.  As the leader comments repeatedly, we do not have time for documentation.  To solve the problems of instability, Microsoft was engaged to conduct an analysis and make recommendations for improvement.  They have proposed implementation of the Product Line Architecture (PLA).

So, the business requirement is to upgrade to SharePoint 2013 and implement the PLA to achieve an enterprise-class infrastructure.  I am skeptical the PLA will solve the problem.  In the People, Process and Technology triangle, we are keeping the same people and same processes and expecting different results.

Since I am not responsible for the infrastructure, my team’s role is to coordinate with the programs the migration of content and the successful upgrade to SharePoint 2013.   Our focus for the project is to coordination and communication with the programs.  We have developed a communications plan with close to 300 communication events.  In addition to communications, we are guiding the project through governance.  The governance at the Agency is very complicated.  There is SharePoint governance committee representing the programs and project governance ensuring we follow their customized project management and software development methodology.  They have several stage gate reviews and required deliverables.

We have worked on several strategy documents.  We have a SharePoint Strategy, a SharePoint Roadmap, a SharePoint Concept of Operations (CONOPS), and a requirements document.  These are extremely useful documents to ensure that the strategy is right.  The requirements ensure that SharePoint is meeting the business needs and the leadership intent for the use of SharePoint within the Agency.

For SharePoint 2013, the team is re-writing the SharePoint Governance Management Plan.  The template was provided by the Microsoft consultant that recommended implementing the Product Line Architecture (PLA).  We had a Governance Management Plan and attempts to merge the two documents were impossible.  We have gone through the template provided several times and are struggling to make it meaningful for the Agency.  Much of the text has to be re-written to describe how things are actually done in the Agency.  It did provide a useful template for policy statements, and we were able to create a series of policies statements for the features activated or disabled in the implementation of SharePoint 2013.  The policies were presented to Governance, voted and approved.  We are still struggling with the rest of the Governance Plan.  We have converted the SharePoint 2013 policies to both a wiki page and a SharePoint list.

Again, our project is not an infrastructure project.  We are coordinating and communicating with the programs.  The Agency has a project methodology.  The methodology is supposed to be flexible and customizable.  So, they show me software development templates.  They have tailored the project deliverables for COTS projects, but again, we are not doing any infrastructure activities.  I have never seen an organization structured in this way and so templates assume one or another structure.  This is something completely different.  I have put the “best effort” to follow the methodologies.  It is definitely a source of tension and friction.  I especially question the competence of the Project Management Office and project management experts.

In the next blog, I will describe FAB 40 issues, pre-upgrade checklists, claims-based authentication and testing the SharePoint 2013 migration and functionality.