ilta.personifycloud.com

Download Report

Transcript ilta.personifycloud.com

DEVELOPERS SHARE OBSTACLE
BUSTING SOLUTIONS
•
•
•
•
FIRM DIRECTORY SOLUTIONS
GOVERNANCE
DYNAMIC SITES
IMANAGE
PRESENTED BY:
BRETT BALMER – ESENTIO TECHNOLOGIES
NATE JEDINAK - VORYS
DIRECTORY SOLUTIONS
ONE THING MOST SHAREPOINT PROJECTS HAVE IN COMMON:
PEOPLE
INTRANET
FIRM DIRECTORY
EXTRANET
TEAM MEMBERS
CLIENT TEAM SITE
CROSS PRACTICE ATTORNEYS
DEEP PEOPLE INFORMATION
DEEP PEEPS – USE CASES
DEPARTMENT/PRACTICE LISTS
MY SITE AUGMENTATION
WHOM TO CALL LISTS
EXPERTISE TRACKING
APPLICATION PICK-LISTS
TRADITIONAL REPORTING
APPROACH
STRENGTHS
LEGACY SQL DATABASE (HR)
•STRAIGHTFORWARD FOR ASP.NET
DEVS
•PERFORMANCE IS USUALLY VERY
GOOD
•NOT COMPLICATED
CUSTOM WEB PARTS TO QUERY AND
REPORT
CUSTOM SEARCH FORMS
WEAKNESSES
•ISLAND OF DATA
•INTEGRATED SEARCH
EXTERNAL DATA / BCS
APPROACH
STRENGTHS
•SQL DATA (HR) MAPPED TO BCS
ENTITIES
•USE EXTERNAL DATA WEBPARTS FOR
DISPLAY AND FILTER
•FAST TO PROTOTYPE
•MANY OOB PARTS TO WORK WITH
EXTERNAL DATA
•STANDARD METHODOLOGY
WEAKNESSES
•REQUIRES HIGH PERFORMANCE SQL
DATA
•OOB PARTS HAVE SO-SO UX
•FUTURE MODEL CHANGES CAN BE
PAINFUL TO PROPAGATE
PROFILES
APPROACH
STRENGTHS
•AUGMENT BASE PROFILE WITH CUSTOM
FIELDS
•MIX OF AD DATA AND EXTERNAL DATA
•SELF SERVICE FIELDS
•INTEGRATED SEARCH
•MY SITES
•PROFILES ARE EVERYWHERE
•INTEGRATION WITH LINC
WEAKNESSES
•LIST VIEWS
•FILTERING
•HIGH RECORD COUNT PERFORMANCE
DIRECTORY SOLUTIONS
PROFILE HYBRID LISTS
STRENGTHS
•EMPLOYEE LIST WITH PROFILE
COLUMN
•DATA WORKS WITH VIRTUALLY
EVERYTHING IN SHAREPOINT
•FILTERS
•AND SEARCH
•COLUMNS FOR MEMBERSHIPS AND
CONTACT INFO
WEAKNESSES
•POPULATION REQUIRES CODE
•OVERALL PROCESS IS LINEAR
OUR PROCESS
AD Profile Sync
Profile
Augmentation
Employee List
Population
Source:
Active
Directory
Source:
People
Warehouse
Source:
People
Warehouse
Method:
Profile Sync
Method:
Timer Job
Method:
Timer Job
PROFILE AUGMENTATION
WHY NOT BCS + OOB SYNC?
SOME FIELDS CANNOT BE SET SUCH AS
•IMAGE
•ASSISTANT
•MANAGER
PROFILE AUGMENTATION:
CREATING A TIMER JOB TO
MANAGE PROCESS
PROFILE AUGMENTATION
SETTING PICTURE/PERSON FIELDS
VIA CODE:
SET ASSISTANT
SET PHOTO TO HTTP HANDLER
EMPLOYEE LIST POPULATION
Create List if Missing
Populate lookup values (Departments)
Find Employee by Account
If new: associate with Site User/Profile
Populate Fields
ASSOCIATING A LIST ITEM WITH
SITE USER
QUICK SNAPSHOT OF VORYS’
EXPERIENCES WITH DIRECTORY
•EVEN IF YOUR FIRM HAS A STRONG AND HIGHLY UTILIZED DIRECTORY
SOLUTION, PLAN TO MIGRATE INFORMATION TO SHAREPOINT USER
PROFILES AND REMOVE ACCESS TO THAT DIRECTORY SO YOU AREN’T
SADDLED WITH ITS LEGACY
•WHY IS THIS IMPORTANT? IMPLEMENTING PROFILE AUGMENTATION
ALLOWS UTILIZATION OF ALL BAKED-IN MOSS FUNCTIONALITY (SEARCH,
MYSITE, LINC, LISTS, ETC), EASY MOSS DEV, AND FLEXIBILITY TO MEET
CUSTOM DEV REQUESTS
•YOU WON’T REPLACE YOUR INTERNAL DIRECTORY JUST USING BDC/BCS.
THERE ARE TOO MANY CONSTRAINTS AND LACK OF IMPLEMENTATION
FLEXIBILITY
•OUR PROCESS: MODIFY PROFILE PROPERTIES TO MATCH AVAILABLE DATA,
USE CUSTOM SERVICE TO FILL RELEVANT MOSS PROFILE DATA
•TIP: MOSS 2007 USER PROFILES HAVE SOME NON-DOCUMENTED BUGS, IF
YOU POPULATE VIA CUSTOM CODE AND NOTICE ODD ISSUES, SUCH AS
CERTAIN PROFILES REFUSING TO UPDATE, CALL MICROSOFT TO NAIL DOWN
A FIX.
SHAREPOINT GOVERNANCE:
POTENTIALLY AN IT HEADACHE
•YOU KNOW THERE’S A POTENTIAL ISSUE WHEN
WEBSITES SUCH AS
“SHAREPOINTGOVERNANCE.ORG” POP UP FIRST IN
GOOGLE
•GOVERNANCE ISSUES OF INTRANET AND
EXTRANET ARE SLIGHTLY DIFFERENT, ALTHOUGH
YOUR TAKEAWAY SHOULD BE THAT INFORMATION
TECHNOLOGY CANNOT BE IN THE SOLE POSITION
OF MAINTAINING USERS AND ROLES IF YOU WISH
TO SCALE WELL… UNLESS YOU WANT TO OBTAIN
EXTRA STAFF 
•EXTRANETS RAISE THE STAKES
EXTRANET GOVERNANCE
•WE CREATED A CUSTOM TOOL TO ALLOW USERS TO CREATE AND
MANAGE THEIR OWN EXTRANETS; THIS WAS OVERKILL AND FAR TOO
CONFUSING FOR MOST. WHAT MOST USERS WANTED WAS SIMPLY THE
ABILITY TO MANAGE USERS AND THEIR ACCESS
•HOW TO SEND USER CREDENTIALS WITHOUT EXPLICIT KNOWLEDGE?
• Right-Click, “send password information to user” sends 2 emails
directing external user to log in.
• Users and IT/Service Desk can reset passwords and send
credential emails at any time, removing IT from this portion of the
governance chain. “No one” knows password.
• This was all created in 2006; in 2012, I might consider a different
transmission medium for credentials
•PLAN FOR “GROUPING” OF MOSS SITES; E.G., ON EXTRANET ACME,
CLIENT 1 SEES A, B, C SUBSITE, CLIENT 2 ONLY A AND D. ALLOW USERS
TO MANAGE THIS VIA YOUR GOVERNANCE TOOL
EXTRANET LESSONS LEARNED
•INITIALLY WE HAD NO PLAN FOR AGING OUT EXTERNAL USERS;
THIS WAS A POOR STRATEGY, AS YEARS PASSED WITHOUT
SOME USERS LOGGING IN. THIS IS QUITE A LARGE SECURITY
HOLE, WHICH WE PATCHED BY IMPLEMENTING CODE TO
“DISABLE IF NO LOGIN WITHIN X# DAYS”
•WE USED ACTIVE DIRECTORY GROUPS (INSIDE SHAREPOINT
GROUPS) FOR AUTHORIZATION; THIS WORKED WELL FOR
EXTERNAL USERS BUT POORLY FOR INTERNAL USERS AS IN
SOME CASES MAX TOKEN SIZE WAS EXCEEDED!
•SOME POWER USERS DO CREATE THEIR OWN SUBSITES, SO
PLAN FOR THIS AND STREAMLINE A TOOL FOR THEM UNLESS
YOU WANT TO MANAGE 100+ SUBSITE EXTRANETS!
INTRANET GOVERNANCE
•ALTHOUGH WE HAD A FULL-FEATURED GOVERNANCE TOOL FOR
EXTRANETS, WE ASSUMED OUR INTERNAL USERS COULD UTILIZE
STANDARD MOSS FUNCTIONALITY TO ADMINISTER THEIR SITES.
THIS WAS A MISTAKE, AS SHAREPOINT GOVERNANCE ITSELF IS
QUITE CONFUSING
•A SMALL AND LIGHT TOOL TO SHOW “WHO SEES WHAT” IS HIGHLY
RECOMMENDED; IF THIS TOOL CAN BE EXTENDED TO LIGHT
GOVERNANCE, ALL THE BETTER
•OUR SHAREPOINT CONTENT IS EXPOSED AND SECURED THROUGH
A COMBINATION OF SHAREPOINT AUDIENCES, SHAREPOINT GROUPS
AND ACTIVE DIRECTORY GROUPS. NOT HAVING A CENTRALIZED AND
CONSISTANT WAY TO DEFINE THESE GROUPS GREATLY LIMITS THE
RESOURCES CAPABLE OF MANAGING THEM
EXTRANET GOVERNANCE
SCREENSHOTS
GOVERNANCE SCREENSHOTS
(CONT).
Creating AD Users
Creating MOSS Groups
MANAGING SITES
A MODERN PORTAL IS A MIX OF HIGHLY CUSTOMIZED
SITES AND A SET OF SITES THAT VARY ONLY IN THEIR DATA.
TRADITIONAL TEMPLATE PROCESSES IN SHAREPOINT
WORK, BUT CAUSE A LOT OF MENIAL WORK FOR
PROPAGATING CHANGES.
APPROACHES FOR REDUCING
CHANGE EFFORT
• HELLO INTERN
• CUSTOM PART DRIVEN APPROACH
•
SOLVES PART SPECIFIC ENHANCEMENTS
• FEATURE DRIVEN SITES
•
•
CAN COMPLETELY DRIVE SITE CONFIG
BUT VERY COMPLICATED
DYNAMIC SITES
SINGLE SITE IN SHAREPOINT
PARTS ON SITE PULL SITE ID FROM URL
SITE SPECIFIC PART CONFIG STORED IN CENTRAL LIST
SOME PARTS HIDDEN BASED ON CONFIGURATION IN
CENTRAL LIST
DYNAMIC SITES
CHANGE PROPAGATION VERY EASY
COUPLES WELL TO SITES DRIVEN OFF MANY CUSTOM
PARTS
EASIER IF YOU HAVE A COMMON ID SYSTEM FOR
PRACTICE/OFFICES/DEPARTMENTS
DYNAMIC SITES - DOWNSIDES
SUB SITE NAVIGATION REQUIRES WORKAROUNDS
3RD PARTY PARTS MAY BE DIFFICULT TO INTEGRATE
MORE COSTLY TO IMPLEMENT
DYNAMIC SITES –
RECOMMENDATIONS
SINGLE FILTER PART WITH WEB PART CONNECTIONS FOR
PASSING CONFIG
GREAT FOR GETTING STARTED BUT MIGRATE SITES AS
THEY NEED MORE
FILESITE
GOALS – WEBPART FOR DISPLAYING FILESITE
DOCUMENTS ASSOCIATED WITH A FOLDER
REQUIREMENTS:
•HIGH PERFORMANCE
•ASYNC LOADING OF DOCUMENTS
•SORTING – OPEN DOCUMENTS IN NATIVE APP
APPROACH
WEB PART DRIVEN BY
•JAVASCRIPT/JQUERY
•JSON/REST COMMUNICATIONS
•PASS THROUGH AUTHENTICATION
CHALLENGES
IMANAGE.DLL – 32 BIT
SHAREPOINT – 64 BIT
WHICH MEANT…
SEPARATE IIS SITE TO HOST WCF
WHICH MEANT…
CROSS DOMAIN SCRIPTING ISSUES
WHICH LEAD TO…
JSONP FOR SERVICE CALLS
NRL GENERATION
REST API
HTTP HANDLER TO CONTROL CONTENT TYPE AND FILE
NAME
ALLOWS FOR URL BASED LINKS TO SINGLE DOCUMENTS
FILESITE VIEWER, TAKE 2: VORYS
APPROACH
We had 3 use cases; displaying the contents of a folder, displaying the contents of a
user’s Document Worklist, and allowing the user to create URL’s to open their
documents.
Iterate a Folder Tree
Document Worklist/Favorites/Etc
Both use the URL format below from 3rd use case
IMPLEMENTATION
• TO PULL TREE OF OBJECTS, WE DECIDED TO UTILIZE THE WORKSITE API INSIDE WCF
SERVICE ON A SERVER THAT HAD FILSITE INSTALLED . YOU CAN ALSO WRITE DIRECTLY
TO THE WORKSITE DATABASE, AND MAY WANT TO, IN SOME CASES.
•THE FILESITE API RETURNS A COMPLEX SET OF OBJECTS AND OBJECT TYPES THAT
REPRESENT THE FILESITE TREE. WE CHOSE TO SIMPLIFY THESE OBJECTS INTO EITHER
“CONTAINER” OBJECTS, OR “FILE” OBJECTS. EACH OBJECT WE RETURN IS
ASSOCIATED WITH AN ENUM THAT DENOTES ITS TRUE UNDERLYING TYPE.
•WE THEN RECURSIVELY BUILD OUR TREE BASED UPON WHETHER THE OBJECT IS A
“CONTAINER” OR A “FILE” AND MODIFY THE ICON BASED UPON THE UNDERLYING TYPE
OF THE OBJECT.
•FOR ONE SIMPLE IMPLEMENTATION OF THE VIEWER, A SHAREPOINT LIST WEBPART
CONSUMES OBJECTS RETURNED FROM THE SERVICE AND DYNAMICALLY BUILDS THE
TREE AS USER NAVIGATES. WHEN USER CLICKS TO OPEN A DOCUMENT, A NRL
STREAMED TO THE BROWSER. THIS IS A SIMPLE ASPX PAGE THAT GRABS OBJECT ID
FROM URL, SPITS NRL INTO RESPONSE STREAM
LESSONS LEARNED
•ARCHITECTURE CHOICES WERE GENERALLY CORRECT AND FLEXIBLE
ENOUGH TO ACCOMMODATE A VARIETY OF FUTURE AND UNFORSEEN
REQUESTS; WE WOULD DO IT THE SAME WAY IF STARTING FROM SCRATCH
•API SLOW ENOUGH THAT LARGE FOLDERS CAN ENUMERATE QUITE SLOWLY
AND HUGE FOLDERS CAN SIMPLY FAIL, YOU MAY HAVE TO IMPLEMENT
CACHING OR NOT USE THE WORKSITE API AND HIT DB DIRECTLY IN THOSE
INSTANCES
•ALTHOUGH A VARIETY OF METHODS COULD BE UTILIZED TO RETURN
DOCUMENT OBJECTS TO THE USER, WE DECIDED TO STREAM A NRL
DIRECTLY TO THE USER; THEREBY ELIMINATING THE NEED TO AUTOMATE
ANY DMS FUNCTIONALITY
•AS FUNCTIONALITY REQUESTS GREW, IMPLEMENTATION BECAME A LITTLE
FRAGMENTED. WE USED BOTH OUTLOOK (FILESITE ADD-IN), CUSTOM WEB
PAGES, AND SHAREPOINT TO IMPLEMENT FUNCTIONALITY. IN THE FUTURE
WE WILL COMBINE INTO ONE WEB PART/PAGE THAT CONSOLIDATES
FUNCTIONS FOR EACH FOLDER/TREE IN FILESITE
CODE SNIPPETS—STREAMING
THE NRL