Just for fun, my new Windows wallpaper:
Category Archives: Governance
non-linear creations’s Amanda Holstrom at SharePoint Conference 2011 in Anaheim #SPC2011
My esteemed non-linear creations colleague Amanda Holstrom is in Anaheim at the official SharePoint Conference.
She’s been blogging about the sessions she’s attended, including Microsoft’s Records Management approach, SharePoint Search, and how Telus uses social media to change their educational model.
See Ms. Holstrom’s blog at http://holstrom.blogspot.com.
Non-Linear Creations releases SharePoint 2010 Visio Stencil Kit for rapid mockupping
My employer, non-linear creations, has recently made available a great free download on their website: SharePoint 2010 Visio Stencils for mocking up and designing SharePoint sites and artifacts.
DOWNLOAD: non-linear creations SharePoint 2010 Visio Stencil Kit
Non-linear creations (NLC) has captured site templates and web parts that ship with SharePoint within a series of Visio 2010 stencils. NLC’s SharePoint 2010 Stencil Kit enables user experience designers to mock up functionality for SharePoint quickly; while ensuring that pre-existing solutions are considered prior to designing features from scratch.
Who would benefit most from this stencil kit?
NLC’s SharePoint 2010 Stencil Kit is available to anyone who is in the early stages of a SharePoint planning project. This could be a business analyst, a corporate communications/intranet manager trying to convey concepts to a development team or a user experience designer.
Why would I want to download this?
Designing for SharePoint can be challenging. While almost anything is possible with enough time, money and electricity. Seemingly minor design decisions can add weeks to a development project. NLC’s team of SharePoint experts created these stencils to help mock up SharePoint sites quickly, using the web parts and site templates that ship with the product. Using the stencils is faster than prototyping directly in SharePoint, but still accurate enough to reduce risks of introducing design elements that inadvertently affect upgrade paths or extend development time unnecessarily.
How will this help me save time or money?
When exploring how requirements map to an interface, NLC has found that prototyping directly in SharePoint can take a while and occasionally, certain custom functionality becomes very difficult to emulate within a short period of time. With the stencils, mockups can be developed and circulated with project teams and in a matter of hours.
Why are we giving this away?
As thought leaders in the SharePoint space, NLC believes in sharing our vast expertise to benefit the SharePoint community and continue to successfully entrench SharePoint technology within the enterprise. Because designing for SharePoint continues to be a challenge for most, we hope NLC’s SharePoint 2010 Stencil Kit will alleviate some of those frustrations.
Anything I should know about how to use these stencils?
You must have Visio 2010 to use the stencils. To use them, copy the .vss files, into: Documents > My Shapes.
What’s included in the SharePoint stencils:
SharePoint Site Templates
- Assets Web Database
- BI Center
- Blank Site
- Blog
- Blog Post with Comments
- Charitable Contributions Web Database
- Contacts Web Database
- Document Workspace
- Document Center
- Enterprise Wiki
- Group Work site
- Issues Web Database
- Meeting blank
- Meeting Basic
- Meeting Decision
- Meeting Multipage
- Meeting Social
- Projects Web Database
- Publishing Portal
- Publishing Site
- Records Center
- Search Basic
- Search Enterprise
- Team Site
- Visio Process Repository
SharePoint Web Parts
- Announcements
- Calendar – (Group Calendar, Web part, Event List)
- Calendar Page – (Day, Week, Month)
- Circulations
- Content Editor and Query
- Directions
- Discussion – List
- Discussion Page – Threaded
- Documents
- Form – HTML
- Image Viewer
- Links Basic Links – Bullets
- Links Banded and Vertical
- Links- Horizontal Groups
- Links Groups + Description
- Links – Large & Small Header + Descriptions
- Media Web Part
- Meeting Agenda, Decisions, and Objectives
- Meeting Attendee (Long and short)
- Meetings Things to Bring
- Phone Call Memo
- Picture Library –(List, Thumbnail, and Slideshow)
- Picture library – (Page, and Image Details)
- Profile – (Overview, Tags, and Notes)
- Profile – Org – (HTML and Silverlight)
- Profile – (Content, Colleagues, and Memberships)
- Relevant Documents
- Resources
- Search – (Results and Advanced)
- Site Users
- Tasks – (SM and LG)
- Whereabouts (in/out) – SM
- Wiki – (SM and LG)
Other Elements
- Calendar Event
- Checkbox
- Document Icon
- Form Field
- Grouped List – Closed
- Grouped List – Open
- Image
- Jellybean
- List Column
- Navigation – Top
- Navigation – Left
- Richtext
- Web part Heading
- Web part Footer
Six questions you must ask your SharePoint developer / vendor
Although many organizations that use SharePoint employ internal developers to create custom solutions, every customer organization I’ve encountered in my ten years of SharePoint consulting has used external vendors for at least some development. These vendors include individual contractors, Microsoft Certified Partner firms like non-linear creations, and independent software vendors (ISVs) like Bamboo Solutions or K2.
Whether you use internal employees or third-party vendors, and whether an application is a simple web part or a complex business-process automation, you must not deploy it until you know it can be trusted. A poorly-written application can slow (or bring down) your entire SharePoint farm. It can destroy or corrupt data in your databases, or critical files on your servers. It can also circumvent your security, opening you up to all manner of attacks.
Below are six critical questions that you must ask any SharePoint developer, internal or external.
1. Is this a Sandboxed Solution?
Prior to SharePoint 2010, the only option available to the customer was to deploy every solution as a Farm Solution, where files are deployed to the file system and the code runs in the same execution space as SharePoint itself. If the solution is well written and behaves itself (for example, by NOT hogging all the server memory and crashing the SharePoint site it lives in), this is not a problem. But since the quality of custom SharePoint solutions is fully dependent on the developer/vendor, deploying a Farm Solution calls for a lot of trust on the part of the server administrator/customer.
Overcoming the customer’s understandable reluctance to deploy Farm Solutions was the driving force behind the introduction, with the 2010 product release, of Sandboxed Solutions. Sandboxed Solutions are web parts, Lists or other SharePoint features that run isolated from your SharePoint sites. By default, a Sandboxed Solution cannot access or affect anything outside of the local SharePoint site; external databases, web services, and the file system are all off limits. Your server administrators can apply limits and quotas to the Solution, so that if it misbehaves by (for example) hogging server memory, SharePoint 2010 will shut it down.
Your developers/vendor may complain that Sandboxed Solutions are additional work. They may say that they are too neutered and can’t do anything useful. However, for a solution that requires access only to the local sites, lists and libraries, the latter isn’t true. And Sandboxed Solutions can be given additional permissions safely by using something called Full Trust Proxies, which let your vendor’s code request specific rights, while remaining isolated from the SharePoint execution space.
Now that we have Sandboxed Solutions, a SharePoint developer’s first question (and yours) when designing a new feature should always be, “can I write this as a Sandboxed Solution?”.
2. If it’s not Sandboxed, does it run as fully or partially trusted?
Sandboxed Solutions are still quite new, and do require extra work, so they are not yet the industry standard (this will change very soon). And there will always be some solutions that can run only as Farm Solutions. You will still have occasions, then, when it will be acceptable to deploy a Farm Solution. But if your vendor or in-house developer delivers you a Farm Solution, you must know if it partially or fully trusted.
With a fully-trusted solution, your developer’s code can access the file system on your SharePoint servers, it can access the Windows Registry — it is pretty much an administrator. From a developer’s viewpoint, this is the fastest and easiest way to develop. But with the availability of Sandboxed Solutions and partially-trusted solutions, there are very few reasons for you to accept a fully-trusted solution.
A partially-trusted solution has no innate rights, and must be explicitly granted permissions (in a special configuration file called a Code Access Security policy) to do anything. The developer must provide this file, which you can inspect.
3. Does it use Elevated Privileges?
If for some reason your vendor must provide you with a fully-trusted solution, you must not deploy it until you understand everything it is going to try to do.
One of the key questions in the vetting process: does it use RunWithElevatedPrivileges? This is a SharePoint feature that is exactly what it sounds like. By default, when your vendor’s code tries to do something like access a SharePoint document, it impersonates the user browsing the page; the code can’t do anything the user can’t do. However, a fully-trusted solution (or a partially-trusted one granted the permission) can use RunWithElevatedPrivileges to temporarily impersonate an account that has Full Control of your SharePoint application.
RunWithElevatedPrivileges is a powerful tool that must be used sparingly, because it can circumvent your carefully-planned SharePoint security.
Something else that can circumvent your security is Feature Event Receivers.
4. Does it use Feature Feature Receivers?
A Farm (non-Sandboxed) Solution can include small bits of code that run when your server administrator installs or uninstalls a custom solution. For example, the solution may depend on the existence of an external database; a Feature Event Receiver can confirm that the database exists, and create it if necessary.
Feature Event Receivers enjoy full administrative privileges on your server farm, so it is very important that you fully understand what they are programmed to do.
5. Where does it store configuration settings?
Many applications need a place to store configuration settings (e.g., database connection strings, or an email address for alerts). If your vendor’s solution uses the main configuration file (web.config) for this purpose, you increase your risk because this file may be shared by hundreds of SharePoint sites on your farm, and the slightest typo can bring them all down.
In general, an experienced SharePoint developer will not provide you a solution that requires manual entries to web.config. Instead, a Sandboxed Solution will keep its settings in a local SharePoint list, and a Farm Solution will do the same or include a Feature (or Feature Event Receiver) that adds settings to the web.config file automagically on installation (and removes them on uninstallation).
6. Where does it log messages?
Finally, an experienced vendor will develop a solution with extensive logging. Even if the code has been developed defensively and tested thoroughly (two other things you need to ask about), even the best software goes wrong occasionally. When that happens in a production environment, you need to know exactly what happened so it can be diagnosed and remedied. An application can log messages to the Windows event log, a database table, the SharePoint Unified Logging Service, or a SharePoint List. Before you deploy the solution, you need to know which of these places it logs to, what kinds of messages it logs (is logging too verbose? Too sparse?), and whether the logging can be configured (is logging off by default? Are there different modes — Errors Only, Verbose, etc.?). If there is no way for you to get enough information when something goes wrong to at least understand what happened, without involving the vendor, this is a sign of a poorly-designed solution.
These questions are only a sampling of the kind of due diligence required of you as the owner of a SharePoint environment. As in any business relationship, the key ingredient is trust.
