Thanks to everyone that attended this webcast on March 28th. We had a great turn out. Christian Buckley and I were very happy to speak to everyone on this important topic. Look for more detailed information coming soon to this blog related to things you need to consider when looking at moving business workloads like SharePoint to the cloud.
You can find a link to the presentation deck here.
You can find a link to the on-demand version of the webcast here.
If you had any questions that were not answered during the call, please feel free to reach out to me.
-Antonio
Welcome - Sharing information with the community related to Microsoft SharePoint security, information protection and permissions. Topics will also cover identity federation, claims and software development. Articles will at times be technical and focussed at developers/architects. They will also be higher level and discuss concepts and customer use cases. Have a look around, share your thoughts and I do hope you find some helpful content.
Friday, March 29, 2013
Wednesday, March 27, 2013
March 28th Webinar - SharePoint Governance: The Impacts of Moving to the Cloud
Webinar: Thursday, March 28, 2013 11:00 AM - 12:00 PM EDT
Register today for this webcast to learn the pros and cons of moving to the Cloud: https://www2.gotomeeting.com/register/714036874.
Is your enterprise considering a move to the Cloud? Are you aware of the benefits and risks of moving SharePoint and key workloads to a Cloud environment?
Join Microsoft SharePoint MVPs Christian Buckley, Director of Evangelism, Axceler and myself for a discussion on functional trade-offs of the platform, potential impacts and risks that need to be considered when moving SharePoint to the Cloud. This webinar will cover topics such as:
• SharePoint capabilities in Office365
• Existing investments that organizations have made in customizing SharePoint
• Data sovereignty
• Regulatory compliance
Is SharePoint Online the right decision for you?
Understand the impacts to your business of moving to the cloud in order to determine if your enterprise is ready?
Hoping you can join us. We're looking forward to the discussion and taking people's questions.
- Antonio
Register today for this webcast to learn the pros and cons of moving to the Cloud: https://www2.gotomeeting.com/register/714036874.
Is your enterprise considering a move to the Cloud? Are you aware of the benefits and risks of moving SharePoint and key workloads to a Cloud environment?
Join Microsoft SharePoint MVPs Christian Buckley, Director of Evangelism, Axceler and myself for a discussion on functional trade-offs of the platform, potential impacts and risks that need to be considered when moving SharePoint to the Cloud. This webinar will cover topics such as:
• SharePoint capabilities in Office365
• Existing investments that organizations have made in customizing SharePoint
• Data sovereignty
• Regulatory compliance
Is SharePoint Online the right decision for you?
Understand the impacts to your business of moving to the cloud in order to determine if your enterprise is ready?
Hoping you can join us. We're looking forward to the discussion and taking people's questions.
- Antonio
Tuesday, March 19, 2013
Help Microsoft Focus on Customers and Partners!
As part of the Microsoft community, we often work with Anthony, Pierre and Mitch, the evangelists from the IT Pro team at Microsoft Canada. They asked us to share this important message with you.
The team at Microsoft Canada is focused on ensuring that they help set you up for success by providing the information and tools you need in order to be get the most out of Microsoft based solutions, at home and at work.
Twice a year, Microsoft sends out the Global Relationship Study (GRS for short); it’s a survey that Microsoft uses to collect your feedback and help inform their planning. If you receive emails from Microsoft, subscribe to their newsletters‚ or you’ve attended our any of their events you may receive the survey.
The important details:
- Timing – March 4th to April 12th 2013
- Sent From – “Microsoft Feedback”
- Email Alias – “feedback@e–mail.microsoft.com”
- Subject Line – “Help Microsoft Focus on Customers and Partners”
Many of you already read the Microsoft Canada IT Pro team’s blogs‚ connect with them on LinkedIn and have attended their events in the last year or so. So you may already know that you’re their top priority. So they want to hear from you.
Pierre, Anthony and Mitch use the GRS results to shape what they do, how they do it and if it’s resonating with you. Tell them what you need to be the “go-to” guy or ga). Tell them what you need to grow your career. They want you to be completely satisfied with Microsoft Canada.
This year, Pierre, Anthony and Mitch have delivered 30 IT Camps and counting across the country. Giving you the opportunity to get hands on and learn how to get the most value for your organization. They have a few more events planned this year, so keep an eye on their plancast feed for events near you. Based on your feedback, topics they’re planning to cover will include:
Resources, Tools and Training
- Windows 8
- Windows Server 2012
- System Center 2012
- Private Cloud
- BYOD – Management and Security
In addition to this, there are some valuable online resources you can use like Microsoft Virtual Academy, Microsoft’s no-cost online training portal. Or software evaluations (free trials) on TechNet that allow you to build your own labs to try out what you’ve learned.
Regardless of how you engage with the team at Microsoft Canada‚ you’d probably agree that they hear you. They’d also encourage you to continue to provide that great feedback. They thrive on it‚ they relish it‚ they wallow in it and most importantly of all‚ they action it. So please keep connecting with them and keep it coming! Pierre, Anthony and Mitch are listening.
Resources, Tools and Training
· Tim Horton’s Gift Card Contest – We’re giving away 350 Tim Horton’s gift cards, all you have to do to qualify is download a free qualifying software evaluation (trial). Download all three for more chances to win, but hurry, the contest closes soon.*
· Windows 8 Resource Guide - Download a printable, one-page guide to the top resources that will help you explore, plan for, deploy, manage, and support Windows 8 as part of your IT infrastructure.
· Windows Server 2012 Evaluation – Get hands on with Windows Server 2012 and explore the scale and performance possibilities for your server virtualization.
· Microsoft Support - Get help with products‚ specific errors‚ virus detection and removal and more.
· Microsoft Licensing -Visit the Volume Licensing Portal today to ask questions about volume licensing‚ get a quote‚ activate a product or find the right program for your organization.
*No purchase necessary. Contest open to residents of Canada, excluding Quebec. Contest closes April 11, 2013 at 11:59:59 p.m. ET. Three-Hundred-and-Fifty (350) prizes are available to be won: (i) $10 CDN Tim Horton’s gift card. Skill-testing question required. Odds of winning depend on the number of eligible entries. For full rules, including entry, eligibility requirements and complete prize description, review the full terms and Conditions.
Updated SharePoint 2013 Software Boundaries and Limits: Unique Permissions
I am really happy to report a recent update to the SharePoint 2013 Boundaries and Limits web page. Large enterprises in particular can have extremely large requirements for their SharePoint environments and this site has proven to be invaluable in determining what SharePoint can do, what it can't do and which boundaries can be pushed to the brink.
The update I want to highlight is related to SharePoint security scopes. Security scopes in SharePoint are also referred to as "unique permissions" or "fine grained permissions". People often think of fine grained permissions when they refer to a document or library that requires some unique permission for a user or group (for example, a spreadsheet containing senior executive salaries might require unique permission to prevent other individuals from being permitted to view or access it). In fact, whenever permission inheritance is broken on a document, item, folder, library or subsite, a new security scope is created.
For years, advisors in the SharePoint community have been telling SharePoint administrators and consultants that they should avoid fine grained permissions because this would cause performance issues for end users when navigating through SharePoint or retrieving content that needs to be security trimmed. As well, there was a lot of confusion in the community about whether the threshold at which performance issues started was 1000 or 5000 security scopes. There were several Microsoft publications on this topic with differing numbers. In fact, this limitation was previously true in older versions of SharePoint and in early releases of SharePoint 2010.
However, this limitation has been seen for some time as a real problem for many organizations that deal with very sensitive information. Examples of these are the military, governments, defense organizations and large regulated enterprises. They deal with large amounts of very sensitive information and very strict regulatory compliance requirements, so creating new sites or libraries with specific permissions and having all content within inherit those permissions is simply not practical in these environments.
I'm very happy to say that Microsoft has finally updated this threshold!
Microsoft actually released an update to SharePoint 2010 in the summer of 2011 to address this issue. With SharePoint 2010 Service Pack 1, with the August 2011 cumulative update or higher, this threshold on security scopes was actually raised to 50,000. As well, the point at which multiple round trips to the SQL database occur was clarified - its actually when the number of unique security scopes (unique permissions) in a list or library exceeds the List View Threshold setting. Its not a hard setting of 5000 items that triggers multiple SQL roundtrips to occur.
Despite this very significant update, the documentation related to this threshold was not updated at that time. SharePoint 2013 was released with the same security scope threshold of 50,000. The goal for that release was to hold this line, which is great. However, again the documentation was not updated.
At last, as of March 5, 2013, the documentation related to this threshold has now been updated to reflect this change!
The full site on SharePoint 2013 Boundaries and Limits can be found here: http://technet.microsoft.com/en-us/library/cc262787.aspx. A big thank you to the Microsoft folks I've been speaking with about this issue for making the update!
At TITUS we have been working in the realm of unique permissions and security scopes for years. We work with military, government organizations and large enterprises around the world helping them to secure access to sensitive information in SharePoint. So this is a welcome change. We have had customers in the field with several libraries and lists containing between 50,000 and 60,000 unique security scopes, and after significant testing after the update to SharePoint 2010 Service Pack 1 (with appropriate CUs) they've found that their end users are not experience performance issues when navigating these lists and libraries or searching for content.
Its important to note that the Security Scope value is a threshold and not a hard limit, so you can surpass 50,000 if you really want to or if you can throw enough hardware at the problem. Remember, the number which can be used without experiencing performance issues is not unlimited, so unique permissions must still be applied appropriately where needed. That said, they are a useful tool in cases where sensitive information or regulatory compliance requirements requires that permissions be applied at a fine grained level in order to ensure the right users are accessing the right information... and I would suggest that we in the community can stop recommending against their usage.
This is a significant and welcome change for Microsoft SharePoint, especially in environments that deal with sensitive information, or compliance obligations.
- Antonio
The update I want to highlight is related to SharePoint security scopes. Security scopes in SharePoint are also referred to as "unique permissions" or "fine grained permissions". People often think of fine grained permissions when they refer to a document or library that requires some unique permission for a user or group (for example, a spreadsheet containing senior executive salaries might require unique permission to prevent other individuals from being permitted to view or access it). In fact, whenever permission inheritance is broken on a document, item, folder, library or subsite, a new security scope is created.
For years, advisors in the SharePoint community have been telling SharePoint administrators and consultants that they should avoid fine grained permissions because this would cause performance issues for end users when navigating through SharePoint or retrieving content that needs to be security trimmed. As well, there was a lot of confusion in the community about whether the threshold at which performance issues started was 1000 or 5000 security scopes. There were several Microsoft publications on this topic with differing numbers. In fact, this limitation was previously true in older versions of SharePoint and in early releases of SharePoint 2010.
However, this limitation has been seen for some time as a real problem for many organizations that deal with very sensitive information. Examples of these are the military, governments, defense organizations and large regulated enterprises. They deal with large amounts of very sensitive information and very strict regulatory compliance requirements, so creating new sites or libraries with specific permissions and having all content within inherit those permissions is simply not practical in these environments.
I'm very happy to say that Microsoft has finally updated this threshold!
Microsoft actually released an update to SharePoint 2010 in the summer of 2011 to address this issue. With SharePoint 2010 Service Pack 1, with the August 2011 cumulative update or higher, this threshold on security scopes was actually raised to 50,000. As well, the point at which multiple round trips to the SQL database occur was clarified - its actually when the number of unique security scopes (unique permissions) in a list or library exceeds the List View Threshold setting. Its not a hard setting of 5000 items that triggers multiple SQL roundtrips to occur.
Despite this very significant update, the documentation related to this threshold was not updated at that time. SharePoint 2013 was released with the same security scope threshold of 50,000. The goal for that release was to hold this line, which is great. However, again the documentation was not updated.
At last, as of March 5, 2013, the documentation related to this threshold has now been updated to reflect this change!
Security Scopes Section in SharePoint 2013 Boundaries and Limits Documentation |
The full site on SharePoint 2013 Boundaries and Limits can be found here: http://technet.microsoft.com/en-us/library/cc262787.aspx. A big thank you to the Microsoft folks I've been speaking with about this issue for making the update!
At TITUS we have been working in the realm of unique permissions and security scopes for years. We work with military, government organizations and large enterprises around the world helping them to secure access to sensitive information in SharePoint. So this is a welcome change. We have had customers in the field with several libraries and lists containing between 50,000 and 60,000 unique security scopes, and after significant testing after the update to SharePoint 2010 Service Pack 1 (with appropriate CUs) they've found that their end users are not experience performance issues when navigating these lists and libraries or searching for content.
Its important to note that the Security Scope value is a threshold and not a hard limit, so you can surpass 50,000 if you really want to or if you can throw enough hardware at the problem. Remember, the number which can be used without experiencing performance issues is not unlimited, so unique permissions must still be applied appropriately where needed. That said, they are a useful tool in cases where sensitive information or regulatory compliance requirements requires that permissions be applied at a fine grained level in order to ensure the right users are accessing the right information... and I would suggest that we in the community can stop recommending against their usage.
This is a significant and welcome change for Microsoft SharePoint, especially in environments that deal with sensitive information, or compliance obligations.
- Antonio
Subscribe to:
Posts (Atom)