Sharepoint 2007 and 2010 Security

I'm doing some research on strategic decision-making. I took the following notes from a brief (30 minute) video of Peter Cohan on strategic decision-making. He has a web site at http://petercohan.com/ .

He starts by recalling working with an MIT professor who invented the idea of decision support systems. "The idea that decision support systems were a fantastic concept for certain kinds of decisions, for example portfolio management.. this notion of being able to have all the information you need to make a decision and then making the best possible decision.. "

He provides examples of a few kinds of strategic decisions: "how can we increase our market share and do it in a way that is profitable? How can we motivate our organisation to create value for its constituents? How can we distinguish between competitor strategies that we should really be focussing on?"

He notes that uncertainty is a key factor in real-world decision making. Changes in customer needs, technology, market conditions, new competitors.. all these things are somewhat unpredictable.

In looking at how decisions are made, he describes the impact of confirmation bias, the tendency for people to favor information that confirms their preconceptions. To address this it is important to objectively assess your organization's capability before entering a new market.

Another point is that shareholder value and financial performance do not necessarily move together. He provides examples of Microsoft, Martha Stewart's company, and Wal-Mart. In assessing a company's performance is not sufficient only to look at financial performance. Consumer sentiment and other factors are also relevant.

He points out the importance of expecting the unexpected. There will be new scenarios and uncertainty. He later ties this to the notion that success breeds failure, so paranoia and scepticism must be maintained. "In order to keep your organization from becoming unable to adapt, it is extremely important that you recognize the risks of complacency."

He stresses the fact that competitors have their own strategies. He argues that customers are the real force behind strategy and that customer need has to be the main focus, not copying the strategy of other organizations. He provides the example of Wal-Mart, which he argues "does a tremendous job of knowing what's selling and what's not selling, and can create an environment where it will always be meeting the demand and will always be cutting back on what's not selling."

He then discusses incentives. "When you are trying to implement a strategy if you do not understand the incentives of the people who will be implementing the strategy and make sure therei s a match between those incentives and the strategy that you are trying to implement then you are going to fail." He recommends analysing the incentives of employees and customers and check that incentives are consistent with the considered strategy.

On the whole I found the presentation interesting. The emotional / psychological aspects of markets are an important consideration in making strategic decisions.

Disaster Recovery (DR) and High Availability (HA) have been pain points for many SharePoint customers. Microsoft's Bill Baer, SharePoint Technical Product Manager, gave a presentation at Teched 2010 on the topic, and it is now available online, at http://northamerica.msteched.com/?fbid=qhPGAfbdVsq .

It's clear to me that he has a strong technical background and knows his stuff, although was a little light in identifying limitations with the out-of-the-box capabilities. (Microsoft field services engineers have been more frank in face-to-face discussions with me!). The general conclusion is that for a full-scale SharePoint 2010 DR solution, one of the things you need is a full-scale recovery farm, and you also need to really think hard about which content and processes are most critical to different business units.

He covers the improvements in SharePoint 2010, and DR/HA with the Microsoft stack. What he doesn't cover are 3rd party solutions, or design and implementation details.  Being a technical talk he also does not cover the people/process side of things. Watch his presentation for a good summary of SharePoint 2010 capabilities to a technical audience, not to understand business continuity plans, risk identification, or the non-technical aspects of disaster recovery  .

I'll provide a summary of his talk below.

Improvements in SharePoint 2010

So, what are the improvements in SharePoint 2010? 

• Improved site deletion logic
• Configuration-only backup
• Script dependent operations have UI entry points
• Browse content through Central Administration
• Unattached content database data recovery
• Snapshot support
• Read-only support
• Database mirroring support
• New Service Application architecture.

Planning

He describes some planning activities, including the basic step of determining what needs to be protected. (e.g. Content vs application functionality) Other considerations include:  What SLAs exist? How much data can you afford to lose (RPO), How quickly do you need it back online (RTO)? What agreements exist with dependent services such as Active Directory? OLAs (Operation level agreements) are also important.

Planning also needs to be informed by out-of-the-box capabilities, and also by realisation that achieving business continuity is an ongoing process.

He then breaks down some technology options based on RPO and RTO.  Failover clustering, P2P Replication (not supported by SharePoint) , Log Shopping, and Backup/Restore.

He makes a number of points that are critical in SharePoint planning:

• Content is usually the most important asset to the business. Therefore, it is the first thing that needs to be protected. I have read far too many architecture documents that are based on the view that restoring technology is the goal of Business continuity.
• Configuration is the key to replication. It's not possible to replicate a site without completely understanding the configuration of the primary site. 
• As RPO/RTO decrease, costs increase substantially. This is well understood by experienced architects, but needs to be communicated to business decision-makers so that an appropriate tradeoff can be made.

Next he talks about the functionality provided out of the box with SharePoint 2010.

• The Recycle Bin which has a two-stage implementation. In the first instance self-service can be used to retrieve a document. In the second stage a site collection administrator can restore the document.
• Versioning , which provides multiple copies of the same document. When using Office 2010 a more efficient file transfer based on differential changes is used.
• Unattached Content Database Data Recovery, which enables recovery of Site collections, sites, lists, and document libraries. You can use this to restore SQL Server snapshots without needing the snapshot to be restored onto the SharePoint system. This also allows for browsing content within a snapshot.
• Snapshots, which are a point-in-time view of data. They can be created programmatically with code and also powershell scripts.

He then provides a demonstration of the Central Administration UI for some of the above.

Backup and Restore including Data Protection Manager

Next up is a discussion of Data Protection Manager 2010. DPM enables recovery of Site collections, sites, lists, Document libraries, and list items (including blobs) , and it's not limited to content database subordinate objects. It doesn't require a recovery farm with SP2010. It now supports one-way NT4 Forest Trusts. The one limitation mentioned is that it doesn't protect Search Service applications. He goes through how DPM supports various aspects of SharePoint; DPM can protect individual service applicaitons except search.

For Service Applications backup and restore the components he lists are DPM, SP2010 itself, VSS Writer (used as a platform by ISVs), and SQL Server.  He says that SharePoint backups are supported up to 1.0 to 1.5 TB. ("That's where we feel comfortable".) SharePoint out of the box does not appear to provide incremental backup and restore. SQL Server alone is not sufficient as it will not restore configuration and other resources.

SharePoint 2010 now enables configuration-only backup, which he mentions can be used for replicating one environment's configuration to another "just beneath the farm", that is, at the web application level. However this requires detaching the associated content databases. He points out that this can be scripted.

DPM 2007 does not support configuration-only backup.

What about customisations? He recommends deploying all customizations as solutions (WSPs). SP Backup and restore can now include these. However the solutions need to be redeployed on recovery.

Another new capability is gradual site delete. This addresses some performance  issues with SP2007 that resulted from over-zealous SQL Server locking.

For developers looking at extending SharePoint's capability in this area, he points out that the API and VSS Writer options exist, and also that the Site Recycle Bin includes SiteDeleted events. The PRIME (content deployment) API is also available.

Now into Backup Recovery Scenarios. Backup can be performed in a number of recovery scenarios. This includes:

• recreating a farm on new hardware or in a different location assuming that no parts of the original farm are available. (He describes this as DR) .
• Creating a new farm based on an existing farm's configuration and backups.
• Creating backups to support HA farms. 
• Archiving versions of a site. Using unattached databases to recover site collections, sites or lists (documents possible with the Object Model as it exposes properties for doing this)

Partners that provide backup and restore solutions include Quest, AvePoint and Metalogix.

Service Applications

Next he talks about how Service Applications have replaced the Shared Services Provider. Search for example is now provided as a Service application which is scalable for availability and performance across multiple servers.

Read-Only Content Database

He gives a demonstration of putting SharePoint into Read-only mode by setting a database into read-only mode in SQL Server Management Console. SharePoint then realises that the database is now read-only and hides all the edit options from the user interface. For example, "edit document" options are no longer listed in drop down boxes.

He points out that you can use this functionality for implementing DR.

Database Mirroring

Database Mirroring didn't work in SharePoint 2007 due to connection strings, both in the .NET code and in the unmanaged code at the heart of SharePoint. SharePoint 2007 had to point to a particular SQL Server alias.

SharePoint 2010 is mirroring-aware. Microsoft have fixed all the connection strings, so that it a failover server can be specified in addition to the primary database. On failure of the primary database SharePoint can switch over to the failover server. He mentions that the best way to do this is SQL Server high availability mirroring. (He notes that you can also use SQL Server safety mirroring)

Failover Clustering

He points out the improvements in failover clustering with Windows Server 2008. A big improvement is support for geographically dispersed clusters (since the product now supports clustering across different subnets). He considers this to enable both high availability and geographically disperse disaster recovery.

Log Shipping

Log shipping can give around 5 minutes RPO. He feels that log shipping provides a cost effective solution available to 99% of deployments.

SQL Server 2008

SQL Server 2008 provides functionality for Backup Compression,  Transparent Data encryption, torn page repair, and log stream compression.

DR Partners

He lists Hewlett-Packard (HP), and EMC. "There are a lot of partners in the space depending on what you're trying to do".

Summary of slides

• * SharePoint 2010 has a lot more options for DR / HA.
• * Business Continuity Management is an ongoing process
• * Planning is critical and tested when you need it most