Microsoft Makes No Warranties, Express, Implied Or Statutory, As to the Information In

SharePoint 2016 Support Document

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The descriptions of other companies’ products in this document, if any, are provided only as a convenience to you. Any such references should not be considered an endorsement or support by Microsoft. Microsoft cannot guarantee their accuracy, and the products may change over time. Also, the descriptions are intended as brief highlights to aid understanding, rather than as thorough coverage. For authoritative descriptions of these products, please consult their respective manufacturers.

© 2014 Microsoft Corporation. All rights reserved. Any use or distribution of these materials without express authorization of Microsoft Corp. is strictly prohibited.

Microsoft and Windows are either registered trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Microsoft Proprietary and Confidential Information Page 1

SharePoint 2016 Support Document

Contents

1Executive Overview

2Implementation

3SharePoint 2016 integration

4SharePoint Service Offering

5SharePoint Service and Support Team

6SharePoint Support Offering

7SharePoint Site Collection and Site Provisioning

8Leadership Commitment

1Executive Overview

Executive Overview

The Company requires a consistent and robust platform for supporting the management of resources in each departmental, group, and team needs. To facilitate this need, the company plans to design, deploy, and manage a standardized, consistent Intranet Portal Service. This service is built on SharePoint 2016.

This Governance Plan is a guideline outlining the needs, requirements, goals, scope, administration, maintenance, stakeholders, and support of the company’s SharePoint 2016 deployment. It identifies lines of enablement for our leadership, business and technical teams.

Agreeing to a shared governance plan is one of the most challenging tasks of any SharePoint integration. SharePoint Governance fulfills many needs to a business. It establishes the ground rules for all the stakeholders of the system. It controls unbounded expectations of both the users and leadership. It allows leadership and technical teams a roadmap to expanding services and capabilities. Most importantly, it defines the scope and capabilities of a current implementation. This takes a great deal of guesswork out of any future migrations, upgrades or changes to the system.

There are many examples of SharePoint governance plans available. All have their merits but, a useful governance plan must support the unique processes and needs of that business’s environment. In this case, it must support the company’s business needs and user community. This plan takes a simple approach to solving this daunting task. It begins with general SharePoint goals and builds upon these goals to identify the overall SharePoint scope and service offering.

1. Establish the high-level goals of the SharePoint Portal. This is defined in theImplementation section.
2. Identify the technical requirements of SharePoint Portal in greater detail. Each of these supports the general goals but, identifies the unique and detailed needs of authentication, support and function in greater detail. This is defined in the SharePoint Service and Support section.
3. Identify the SharePoint service delivery. This identifies the service delivery and how it will approach the need and technically fulfill each requirement. This is defined in the SharePoint Service Roles section.
4. Identify each stakeholder’s area of responsibility in the support delivery plan. This embellishes the helpdesk and support functions. The service delivery plan will further define the support and service offering by identifying each stakeholder’s areas and scope of enablement. This is defined in the SharePoint Help Desk Support Levels.
   

To this end, the goal of this governance plan is to provide a guide for a sustained SharePoint portal service offering. This includes accommodating for expectations, projects or migrations as new concepts capabilities or limitations occur.

2Implementation

Needs Analysis /Service and Business Requirements

The following identifies the services required by this application and illustrate the scope of this integration and the needs it is designed to service.

Service Goals

To provide sustained service we need to define the service goals, so the staff and user community can understand and agree to the focus of this platform’s goals.

• Enable the company with a sustained and robust SharePoint Portal service offering, which supports the community with tools that allows secure sharing collection and reporting of business documents and information.
• Enable the user community with a scope of services that the SharePoint 2016 application can provide. Provide a scope of the current capabilities and how to enable expansion and growth of these services.
• Enable community with tools so users can obtain support and define how support requests are opened, tracked and resolved.
• Enable community with guidelines to how changes in SharePoint services are requested, tracked and resolved.
• Provide guidelines for the hardware and software lifecycle support provided by the SharePoint environment.
• Enable company culture to encourage better and more effective business processes, collaboration and management suing the SharePoint application and its integration with other business applications and systems.

3SharePoint 2016 integration

The SharePoint portal access, authentication and security

• System must provide the ability to report system configuration status and report on direct input from companies’ operations database. This is the tool used by the Company to audit and report on the system health of all systems and manufacturing processes.
• Server system must support and require smart card authentication and must be accessible from any company network space. The portalwill not have need to be accessible from outside the company network space.
• The authentication functions are performed via the Windows Active Directory user account, Windows Internet Information Services (IIS) and the SharePoint 2016 application. The SharePoint server will allow authenticated access via respective user accounts under the companies trusted (Active Directory) domains. No additional accounts or accessibility will be established or granted permissions on the portal. Application must support user group functions for permissions. Kerberos authentication is required on the Central Administration and Web App IIS instances only, per company security policies.
• Server system must meet all Information Assurance policies. Use only approved and licensed software. Systems must meet security inspection requirements and obtain and keep current the proper company IT Authority to Operate certifications.

Disaster recovery and service accessibility

Architecture requires that there is no single point of failure. Disaster recovery must be met to accommodate the following uptime requirements.

• Uptime target 99.95% or better. (Not including planned maintenance windows) Regularly schedule outages will take place on the first Thursday of each month. Notice will be sent to all stakeholders prior to each outage.
• Disaster Recovery time objective 12 hours or less for non-catastrophic outages and 48 hours for catastrophic outages. (Recovery/Failover datacenter must contain dependent services including SMTP, Active Directory/Authentication services, DNS, and SQL Server storage).
  Recovery timeframe does not include additional necessary hardware acquisition as we only operate a cold COOP facility. This facility has power and AC but does not have active network connections or server hardware.
• Recovery point objective for a site collection or portal is 4 hours or less, unless restricted by portal sizes exceeding 50 gigs. Portal size exceeding this recommended size will be performed in best effort timeframe. Site collection size impacts recovery time significantly.

A Continuity of Operations Plan (COOP) is being identified. The COOP will be designed to support operations moving to a separate geographical location for up to 30 days. Disaster recovery environment setup in alternate datacenter to avoid further points of failure due to acts of God (flooding, fire, tornado, hurricane, and extended state-wide power outages).

SharePoint recycle bin will be available to uses for restoring of documents deleted within the last 30 days. Site collection administrators are encouraged to use this feature in site and file administration.

Monitoring by respective SharePoint administration staff

• Monitoring will be performed by the local SharePoint administration staff (Mon-Fri 8am-5pm (excluding holidays)).
• Support calls to the 8am to 5pm support desk should receive attention within a maximum of 15-minute hold time without prior notification of high call volume, and resolution should be a maximum of 3 days for 90% of calls. Resolution is considered successful resolution by the client or customer. The only exception to this is if the client or customer does not respond. This service is considered business critical.
  

SP services and ability to leverage other MS application features

• SharePoint 2016 Excel Services
• SQL Server Reporting Services (SSRS)
• SharePoint 2016 Performance Point Services
• Outgoing SMTP (Email) alerts and Incoming SMTP (Email) enabled document libraries
  

Search requirements

• Enterprise search will be necessary for all top intranet portal and all departmental portals. This is a text string search for file name and text search within documents for Word, PowerPoint, Excel, Visio, OneNote and Adobe PDF files. Search results are security trimmed. Results will only return query results to a user for the items which that user has permissions to access.
• Search schedules and updates must not interfere with user access and performance. The content crawls necessary to facilitate search features will be completed on a regular schedule. As content crawls are extremely resource intensive, they will only be scheduled during normal business hours as performance and resources permit. It is understood, new items added to the system will not indexed or identified in a search until a crawl has been completed on the new content.
  

Site and data life cycle

• Site collection expiration policies will be identified and enforced by the SharePoint Operations team. No site will be deleted permanently without first notifying the primary and secondary owner, (Site collection administrators) and then after some agreed-upon time the site should be backed up for quick retrieval.
• These “archived” sites will be retained for a period of 1 year after being removed from the production system. A request for restoration of site collection can be made by either the site collection owner(s) given a compelling business reason for the site to be available and not accessed or used in a responsible manner. After the site is removed, and then restored, the same rules are in effect and the site can again be removed for lack of use.
  

Editing/Design/SharePoint Designer Usage Policies

• Master pages will be authored by a single design team. SharePoint Designer will be supported only by those “certified” where the tool deployment will be tracked and managed.

Auditing

• The default auditing settings will be turned on consistently across all sites for tracking expiration policies and item deletions.

Site Templates

• Initial site collection provisioning will be performed using the standard Team site template. All default SharePoint 2016 Enterprise templates will be available for use by the site collection administrators as they grow their site. Additional 3rd party templates are considered customizations and must be requested and approved via the configuration management board. Previous SharePoint server upgrades and issues experienced with custom templates would encourage users to remain consistent with the standard template offerings.

Workflows

• Workflow solutions on top of SharePoint Server are being evaluated with limited SharePoint Designer access and a requirement for more powerful solutions right through the browser.

Data use, content size and individual user disk use

• Site collections will have a set quota and restriction of 50 gig.

4SharePoint Service Offering

The following identifies the service offering of each component (requirement) is delivered or administrated. The SharePoint service offering centers the computer information security triad (confidentiality, integrity and availability). The core of this service offering is information security and the CIA TRIAD. From this core we expand the SharePoint capabilities and application tools to provide the business and user needs required by the company.

SharePoint access, authentication and security

The SharePoint 2016 server environment in the respective has been established with a common intranet portal to accommodate the corporate headquarters and the company’s latest company news and communication to the staff. All SharePoint 2016 Portals are smart card enabled, thus a company card is required to access the portal and company information and resources stored on the portal. This can have granular and secure access tied to any user or group in the Active Directory domain.
Company Portals on this SharePoint 2016 platform

Portal access is restricted to allow access via a user’s smart card only. No simple login/password-only access is allowed per company guidelines. Permissions to a site or data can be controlled to read-only, change and full access via the standard SharePoint 2016 tools and functions. Service account guidelines and policies will be enforced, to allow NOC operations team the ability to use service account login/password accounts as required for platform functions.

A user with the proper smart card authenticated permissions can access data from inside the company network on their company provided PC or laptop. All connections to the server must be made via SSL (HTTPS) and are 2048 bit encrypted.

Disaster recovery and service accessibility

One of the most significant service offerings provided involves the confidence that data is not at risk on these systems and it can be accessed in the event of some malicious or accidental situation. To provide this confidence the System, SharePoint and Database administrators have implemented mechanisms to safeguard the application configuration and data at many levels.

Application and hardware redundancy built into the architecture

All components used by SharePoint environment have redundant software and hardware functions. This includes dual power supplies in all servers, each tied to a separate UPS power system in the datacenter. The data center (Company Building 111) has a generator to accommodate an extended power failure, this also provides redundant power for the AC cooling functions. There are redundant physical servers supporting the virtualized SharePoint environment that allow the virtual machines to be moved on/off physical hardware in the event of hardware failure. Redundant switches and SAN components insure data and disk volumes are robust and available. In addition to this the SharePoint Farm environment employs an SQL cluster to insure the database availability, and multiple SharePoint front ends on a Windows network Load Balancer to insure redundant web server availability in the farm.

The SharePoint 2010 Recycle Bin

SharePoint employs a Recycle bin that allows users the ability to recover deleted documents for up to 30 days. In most cases the Site Collection administrator or Helpdesk need not be involved in recovery of these items. Recovery of the items can be accomplished by the user.

Robust scheduled backup of data

SharePoint holds all data can configuration within the SQL databases. In the event of more serious or catastrophic failures, a regularly scheduled backup of database files is completed every Friday night and differentials are completed on Wednesdays. The backup files are retained on the system for 30days, thus allowing four (4) complete backups of the SharePoint systems to be available at any given point in time. These items are written to a Network Attached Storage in the same server rack for expedient backup and recovery. The same Network Attached Storage volumes are then mirrored to a similar Network Attached storage device in data center to accommodate off-site storage. Regularly scheduled Operating System backups are also performed and written to these devices. This is performed using the tools to make full virtual machine copies of each machine. This allows each machine to be quickly moved, recovered or duplicated for staging and testing purposes.

Solid documentation of each configuration change

Configuration management is maintained and vetted in staging environment prior to implementation into production environment. A large-scale restoration can often be avoided if proper implementation directions and configuration management are maintained. Problems are also avoided by solid testing prior to implementing in a production system. Therefore, each significant system configuration change performed on the servers is documented and performed into the staging environment prior to implementation in the production environment.