Thursday, October 13, 2011

Stevey's Google Platforms Rant: Awesome Insight Into the Web Platform Wars

FASCINATING blog post from a Google engineer who used to work for Amazon.com. While the gist is a rant about Google+, the bits I dig are around Amazon’s transformation into a Service Oriented Architectural company (as well as hearing some insights about Amazon, a company I greatly admire).

Some insights about massive SOA:

  • “every single one of your peer teams suddenly becomes a potential DOS attacker.”
  • “if you have hundreds of services, and your code MUST communicate with other groups' code via these services, then you won't be able to find any of them without a service-discovery mechanism. And you can't have that without a service registration mechanism, which itself is another service. So Amazon has a universal service registry where you can find out reflectively (programmatically) about every service, what its APIs are, and also whether it is currently up, and where.”
  • “monitoring and QA are the same thing.” … “In order to tell whether the service is actually responding, you have to make individual calls. The problem continues recursively until your monitoring is doing comprehensive semantics checking of your entire range of services and data, at which point it's indistinguishable from automated QA.”
  • “Organizing into services taught teams not to trust each other in most of the same ways they're not supposed to trust external developers.”
  • “Bezos realized long before the vast majority of Amazonians that Amazon needs to be a platform.”
  • “That one last thing that Google doesn't do well is Platforms. We don't understand platforms. We don't "get" platforms.”
  • “The Golden Rule of Platforms, "Eat Your Own Dogfood", can be rephrased as "Start with a Platform, and Then Use it for Everything."”

My whole love affair with SharePoint revolves around it being a platform. You can read the whole post here: https://plus.google.com/112678702228711889851/posts/eVeouesvaVX 

Hopefully they don’t yank it down!

Wednesday, October 05, 2011

SharePoint Conference 2011: Using Claims for Authorization in SharePoint 2010

Rough notes of the presentation by Antonio Maio at Titus Inc. Antonio walked everyone through a complicated Claims setup and made it look pretty easy.

Agenda

  • What are Claims?
  • How they are used in 2010
  • Enabling Authorization through claims
  • Customer requirements and scenarios
  • Infrastructure and Architecture
  • Demonstrations
  • Benefits and Goals

What are Claims?

User attributes

Metadata about a user

AD Attributes / LDAP Directory Attributes

But really it’s an assertion I make about myself – “I’m a senior product manager” – and claims can be believed if they are backed up by a trusted identity provider.

Allows us to solve problems like federation and complicated authentication schemes

Authorization decisions can be based not only on who we are but on our clearances, on the type of data, or even on whether we connected over a secure connection, and so on.

Examples – Claims about Antonio

  • Name: Antonio Maio
  • Department: Product Management
  • Security Clearance: Secret
  • Employment Status: FTE
  • Country of Birth: Canada
  • ITAR Authorized: No

How Are Claims Used In SharePoint 2010?

  • Authentication
  • Single sign-on across systems and across domains
  • Maintain End User privacy (you can configure who can see what)
  • Authorization

Claims for Authentication in SharePoint 2010

New option in SP2010

Authentication modes: Claims Based or Classic Mode (Windows). Forms Based Authentication is only available in claims mode, so it must be configured via claims.

Using Claims – authorization can be specific to the user. Can be dynamic – ex changes in security clearance. Consider environmental attributes (ex current time, geo location, connection type, etc).

Enabling Authorizations Through Claims

Infrastructure and configuration have to be considered. Where are you going to store, manage, and retrieve claims?

Planning is required – policies

Development is required, or a 3rd-party application. Native SharePoint 2010 functionality is manual. Use WS-Trust and WS-Federation to retrieve and validate claims. Design apps to verify only the specific claims they require – remember privacy.

Customer Scenarios

How do customers want to make use of Claims?

Document Metadata + User Claims

Ex Document classification and a user’s security clearance

Goal: sensitive content can sit beside non-sensitive content in the same place, with policy deciding who sees what.

Policies and rule-based system that determines access control

Automation is critical and policies are simple to start.

"I believe you shouldn’t let security policies dictate where you manage your content”.

Keep policies simple to start and let the business drive new requirements.

Customer Scenario #1:

Claim: Employee Status.

Document Metadata: Classification (High Business Impact,Moderate Business Impact, Low Business Impact)

If employee.status=FTE and document.classification=HBI then PERMIT access to document

If employee.status=Contract and document.classification = HBI then DENY access to document

Customer Scenario #2:

Claim: Group membership

Document Metadata: Project

If user belongs to GroupX AND belongs to GroupY and document.project=”eagle” then PERMIT access to document

If user belongs to GroupX and DOES NOT belong to GroupY and document.project=”eagle” then DENY access to document

Customer Scenario #3:

Claim: Client Case Numbers

Document Metadata: Document Case Number

If document.case=X AND client.casenumbers includes X then PERMIT access

If document.case=X AND client.casenumbers DOES NOT include X then DENY access
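
To make the three scenarios concrete, here is an added example (mine, not Antonio's or Titus's code) of a rule evaluator in JavaScript (Node.js) that takes a user's claim set and a document's metadata and returns PERMIT or DENY. The claim names (employeeStatus, groups, caseNumbers), the metadata fields (classification, project, caseNumber), the group names and the sample users are assumptions for illustration. It goes slightly beyond the slides in one respect: rules are combined deny-overrides, and when no rule applies at all the answer is DENY, so a gap in the policy fails closed rather than open.

```javascript
// Added example, not part of the session notes. Claim names, metadata field
// names, group names and the sample principals are assumptions for illustration.

// Each rule returns "PERMIT", "DENY", or null when it does not apply.
const rules = [
  // Scenario 1: only full-time employees may open High Business Impact documents.
  function hbiRule(user, doc) {
    if (doc.classification !== "HBI") return null;
    return user.employeeStatus === "FTE" ? "PERMIT" : "DENY";
  },
  // Scenario 2: project "eagle" requires membership in BOTH GroupX and GroupY.
  function eagleRule(user, doc) {
    if (doc.project !== "eagle") return null;
    const groups = user.groups || [];            // group membership is a multi-valued claim
    const inX = groups.includes("GroupX");
    const inY = groups.includes("GroupY");
    if (inX && inY) return "PERMIT";
    if (inX && !inY) return "DENY";
    return null;                                 // not in GroupX at all: this rule is silent
  },
  // Scenario 3: a client only sees documents whose case number is assigned to them.
  function caseRule(user, doc) {
    if (doc.caseNumber === undefined) return null;
    return (user.caseNumbers || []).includes(doc.caseNumber) ? "PERMIT" : "DENY";
  },
];

// Deny-overrides combining: any DENY wins, otherwise any PERMIT, otherwise fail closed.
function evaluate(user, doc, ruleSet = rules) {
  const decisions = ruleSet.map((rule) => rule(user, doc)).filter(Boolean);
  if (decisions.includes("DENY")) return "DENY";
  if (decisions.includes("PERMIT")) return "PERMIT";
  return "DENY";                                 // no rule applied: default deny
}

// Constructed sample claim sets (what the trusted identity provider would assert)
// and sample document metadata.
const bob = { employeeStatus: "Contract", groups: ["GroupX"], caseNumbers: ["C-100"] };
const alice = { employeeStatus: "FTE", groups: ["GroupX", "GroupY"], caseNumbers: [] };
const hbiDoc = { classification: "HBI" };
const eagleDoc = { classification: "LBI", project: "eagle" };
const caseDoc = { classification: "MBI", caseNumber: "C-100" };

module.exports = { rules, evaluate, bob, alice, hbiDoc, eagleDoc, caseDoc };
```

Note what the combining step buys you: a document tagged both HBI and project "eagle" is denied to a full-time employee who is only in GroupX, because the eagle rule's DENY overrides the HBI rule's PERMIT. That is the behaviour you want when sensitive and non-sensitive content share a library.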

Infrastructure and Architecture

Client Web Browser talking to SharePoint:

1. User logs in (with user name and password)

2. SharePoint requests a token from the Security Token Service (ADFS v2 is an example)

3. ADFS v2 gathers the claims about the user (from AD in this case)

4. It packages these claims into a token and signs it. Because a trust relationship has been set up between SP2010 and the claims provider (SharePoint trusts the ADFS token-signing certificate), SharePoint will accept this package

5. SharePoint then uses the claims in that token for authorization. SharePoint is the Relying Party application (it is RELYING on the trusted identity provider, ADFS in this case, for the claims)

Demo

AD is running on its own W2008 R2 server. Using default schema, using OrganizationalStatus attribute

Setup

1. ADFS v2 configuration – installed as a Federation Server; IIS has a self-signed certificate.

2. Use the wizard to create a new Federation Service in IIS – note the Federation Service Name.

3. Add a Claim Description – note the claim type URL.

EmployeeStatus was added as a Claim Description using the URL http://schemas.sp.local/EmployeeStatus in the example; ADFS sends this claim to the calling application.

4. Add a Relying Party Trust – select the WS-Federation Passive Protocol. The relying party WS-Federation endpoint URL is the SharePoint web application URL + “/_trust/”.

Relying Party Trust Identifier – urn:ServerName:application – urn:sp-server-2010.sp.local:sharepoint2010

5. Create Claim Rules for the Relying Party. Add a rule for the SharePoint 2010 trust using the “Send LDAP Attributes as Claims” template, which maps LDAP attributes to outgoing claims.

ex LDAP attribute: mail maps to the E-Mail Address outgoing claim type

LDAP attribute: organizationalStatus maps to the EmployeeStatus claim we created earlier

6. View and export the ADFS v2 Token Signing Certificate – c:\adfs20Certificate.cer

Transforming Claims – Claims Rule Language

example: send custom claim called “EmployeePermission” with the value of Full Control if the user belongs to the SeniorManagement group and if the value of the employee’s organization attribute in AD is “Titus”

http://technet.microsoft.com/en-us/library/dd807118%28WS.10%29.aspx 

SharePoint 2010  Configuration

1. Create a new web application in Central Admin using Claims Based Authentication. Enable NTLM to start. Ensure the web application's public URL matches the one registered with ADFS v2 (the relying party trust and its certificate) – that is the trust between this web app and the ADFS v2 server.

Do not create a site collection yet

2. In IIS, setup SharePoint Site to use SSL

3. Use PowerShell to register the ADFS v2 trusted identity token issuer and map the claim types in SharePoint.

There is no Central Admin UI for this: the trust and the claim type mappings have to be created with PowerShell.

The scripts for these steps will be posted on the Titus.com blog.

4. In Central Admin, open Authentication Providers, check Trusted Identity Provider and then check the ADFS v2 provider you added. Normally you would remove NTLM.

5. Create your site collection.

6. Create sites and libraries.

 

Authorization Policies

Questions you need to ask:

  • Which policies are right to protect the business?
  • Which user attributes are important? Are you using AD or LDAP or something else?
  • Which content items or content types are important?
  • Which policy language do you need? (XACML, SecPAL, etc.)

Tip: Keep it simple

Titus Demo

Install Metadata Security product as a Farm Solution

Apply rules to items or folders

Created 3 rules – High Business Impact, Moderate business impact, Low business impact.

Showed how Bob could log in as a contractor and not see HBI docs, could read Moderate Business Impact docs, and could edit Low Business Impact docs.

Then changed Bob in AD to be a Full Time Employee, and now Bob had full control over everything.

Goals and Benefits of Titus Metadata Security

Benefits:

  • Security is automated
  • Security is consistent
  • Data Governance and Compliance Policies are fine grained.

Summary

Authentication and Authorization are different but both important. Use Claims today in SharePoint 2010.

Infrastructure and Planning is required

Plan policies with business stakeholders – Keep Simple to Start!

SharePoint Conference 2011: How eBay Successfully Upgraded their Intranet to SharePoint 2010

These are my rough notes of the presentation by Ramin Mobasseri and Chris Givens of eBay. The Hub is pretty impressive for the way it organizes information for its users and the lengths it goes to in order to default metadata for improved searching.

Agenda

  • Why upgrade?
  • Methodology
  • About the Upgrade (Technical)
  • About the Upgrade (Tactical)
  • About the Upgrade (Functional)
  • Q&A

Why Upgrade

On MOSS 2007.

Got more complex requirements from business users who didn’t want to write code.

Better search.

Enterprise Social Networking

Better device and browser compatibility.

Demo: The Hub – the core eBay site. ESN is Enterprise Social Networking. Proud of combining managed metadata store with FAST search.

Extensively branded (yellow, large icons for the main menu items).

Global Nav

  • Who We Are
  • News
  • My HR
  • Teams
  • Workplace
  • Our Businesses

People search and all-sites search appear at the top of each master page. One-click people search using FAST with type-ahead.

People results

Contact Info, Department info

Search Best Bets

People look for 3 scopes of things at eBay

1. Business Unit

2. Location.

3. Organization

Managed Metadata filters on the left support those scopes. Difficult to tag pre-existing sites with managed metadata.

Upon creation of a site you get Best Bets added automatically

Visio Services

Used by IT Tools team – wanted way to watch health of their servers at all times. Didn’t want to spend money. Took 45 minutes to draw visio diagram and connect to backend systems. Can filter by Production and DR environments or by Dev environments.

Why Upgrade

Social media at work – they ran pilots and settled on Yammer, Chatter, NewsGator and other social networking tools. Decision not to dictate technologies to end users, but to recommend the tools users feel are best.

1st Attempt – try to integrate these tools. If it doesn’t succeed, we aggregate.

List of social networking services under My Social link

End users can make a post and it sends to multiple networks.

Expertise locator tag cloud

Expertise Search

Better Browser and Device Compatibility

Built feature grid – against all browsers. And put a level of support from 0 to 4.

Better performance: Increased performance by 29% (for global users) since servers are based in Denver.

Upgrade Methodology

Upgrade took 3 months.

Agilistic Scrum over the Spiral Waterfalls!

Blend of project methodologies. Started in Agile mode. Had MS Architects vet the scrums to make sure everything was in place. Meanwhile business analysts could create waterfall project plan.

Communication Plan: Write to end users, team site owners, don’t surprise them. They used a grid:

Subject | Type | Target Users | Description | Date Sent.

Governance Plan: Your blueprint. Over 345 new features – yes or no answers with each team and work with IT Operations to get their blessing. If “Yes” how is it configured and who can do what?

Feature Matrix for each set of features.

About the Upgrade (Technical)

Had access to MS Architects to ensure everything was possible.

Project Requirements:

  • 3 month timeline, multiple solutions to be upgraded.
  • Data  Mining/ Farm Documentation
  • Detailed Analysis of existing farm
  • 3rd party solutions audit.

Ran a source code comparer to diff the SharePoint files in 12 hive against the OOTB files.

Biggest challenge was 3rd party solutions. Had to build whole mockup of 2007 environment and then try migrations into 2010 to see what broke.

You need business users who can test this to see if it works or not.

Environment:

Large server farm. 14 servers, 20,000 users world-wide, 12,000 sites and 33,000 My Sites. 20+ content databases.

Disaster Recovery. Redundant Data Centers for failover.

eBay has full failover – 4 hour failover time window.

$1.5 M of hardware.

Hardware and Performance Topics

Farm Configuration: Had to figure out capacity planning, how many servers, what the SLA’s are and tolerance for risk. For Disaster Recovery you might have to double the costs.

Microsoft offered access to MS Data Centers to test performance. Problem: eBay required other systems to be connected so that didn’t really work. Microsoft provided Architecture review.

IOPS are VERY important – FAST requires high Input Output for disks

SANs – very expensive, work with SQL Server. Everything else is Direct Attached drives for WFE and App servers.

Capacity Planning -  how many users concurrently – what will the transaction mix be? Plan for growth.

VS Ultimate Test Tools – allows for performance testing of your applications.

Performance Optimizations: Page weights, global network.

High latency network can cause end user dis-satisfaction. Top 3 HTTP request types tend to be: CSS, Images, JS

How to minimize the page weights?

  • Minimize the CSS (remove un-used CSS classes)
  • Compress the CSS
  • Make images 1px wide
  • Minify the JS files

Got page weights down to 67k. Users were happier in global locations

Caching:

  • IIS Output Cache – causes weird page weight issue with browser
  • ASP.NET Caching
  • BlobCache -
  • ProxyServers
  • CDNs

About the Upgrade: Tactical

Provisioning a site – a  custom form. Long running process within a webpart. Anyone can create a site, IT gets a notification.

You specify a Business Unit, Organization, and Office Location default values using Managed Metadata. So when they search it will automatically filter from those sites with those values, they don’t have to do anything. They can find their site using their keywords. This took the longest time.

Rich Profiles: Encourage the end users to fill in their user profiles

Offer them incentives.

Get rid of unwanted unused sites (clean your house)

Start your brownbag series early

Build an Upgrade Community to get feedback

Have weekly status meetings with the stakeholders

Make sure you have a Technical PM on the team

Watch out for the phrases: “That’s taken care of” or “That’s finished” – you have to test.

Test test test test

Productivity Hub

Power User Training

About the Upgrade: Functional

Master Pages – colliding requirements between functional groups

Editorial Issues: Did you use Word to edit in MOSS

Watch out for DIV and SPAN tags

Rich Text Editors and Content Editor webparts

The Ribbon: You will see some resistance. Users will settle after training

3 sets of users: Pioneers, Settlers, Stay-Behinds

Managed Metadata Services – brilliant for search. Allow time for the information taxonomy, do not rush! Planning to add them to lists and libraries (auto-tagging)? Watch out for Datasheet views.

Service Packs – don’t do SP for 6 months. But plan for it early

Questions

How many people were on the project? 3 devs, 3 IT Pros, 2 PMs (9 or 10 people for 3 months)

Physical or virtual? FAST and Admin was virtual, otherwise it was all physical (due to internal eBay policies)

Training: 20,000 user base – have trained 150 users so far. Train the trainer – Productivity Hub is 3rd most visited hub in the last few months so this is helping with training

Methodology – what do they recommend? Use whatever works. eBay recommends Scrum in Dev and get branding requirements via traditional models. Dev moved ahead while waiting for requirements (had a general idea)

Did you have to change any functionality? Had to make thousands of host header name changes. InfoPath data connections were statically set – big issue.

Did you have constructive feedback on the intranet? Yes – put up a blog on the issues – have weekly call with Microsoft on post-upgrade lessons learned keeping Microsoft informed

Migration approach? Database attach into a new farm. Expect database upgrade failures – that’s a given. The time an upgrade takes is directly related to the number of sites, so delete all the empty ones.

SharePoint Conference 2011: Integrating Social Media with SharePoint Websites

These are my rough notes from an SPC presentation by Brian Rodriguez and Ryan Sockalosky. Awesome session – my favourite type – really matter of fact and presenting and solving issues clearly.

Leveraging Social Media Example

Examples of leveraging social media on Facebook sites.

Ticketmaster on Facebook: Daily Deals, large following, evangelism, popular items. Popularity leads to large revenue.

Front and center placement, put the like button as part of purchasing experience. You go to concerts with your friends and your friends are on facebook.

What can you do to leverage Social Networks?

Help users “Like", Tweet, and share content. Reach a broader audience. Allow your customers to evangelize for you. Drive traffic to your site.

How to Do it: Facebook

Facebook Plugins – developers.facebook.com has plugins you can use.

Use an iFrame or XFBML (Facebook's XML markup language) to place the plugin on the page.

Some options: Like button, Send (messages) button, embedded activity feed.

Facebook OpenGraph Protocol – you can use Facebook insights to get insights into traffic patterns, who is liking what

How to do it: Twitter

Embed twitter RSS feed into your page, embed plugin to allow tweets from a page.

How to Do It: Other Social Networks

AddThis – social network sharing

Demos

Contoso Electronics website

Add “Follow” button in master page at the bottom. Added tweet and like buttons next to the content. Defaulted Tweet content makes it dead easy for a user to click tweet and share the link

By function of tweeting that page, it is now part of the “Social Stream” – given a bit more weight in search engines and enabled for discovery by followers of the user or his or her friends.

Created a custom webpart to allow users to tailor the text to configure the Twitter content dynamically. The page owner can decide that they want to automatically embed hashtags in any tweet via a webpart property.

Facebook webpart – same options – defaulting text, show like button, show activity feed, people’s faces etc.

Tip: Make sure the tweet or facebook or sharethis links go to the home page consistently, so set some buttons in the master page footer or header and ensure every page on the site shows the sharing buttons.

One of the limitations of sandbox solutions is you cannot call RegisterClientScript so webparts containing these facebook or twitter plugins cannot be handled as sandbox solutions. Also a separate mode is created for Design Mode to allow rendering in SharePoint Designer otherwise you will see the controls as broken in Design Mode.

Demo of modifying master page by overriding AdditionalPageHead content placeholder in order to inject OpenGraph metadata tags (title, site name, description).

Enable Engagement and Conversations

Allow Social Commenting

Educate others that the conversation is happening

Increasing brand awareness and credibility by inviting the conversation to your site

Customers can engage with you and with each other

Facebook: Login plugin on your page and activity stream

Twitter: Widgets around searching or surfacing profile on your website

Demo of wrapping code in content editor webpart for these

Enabling Engagement and Commenting

Governance is key – to keep engagement clean and managed

Store and publish content on Social Sites: Examples: YouTube, Twitter, Facebook “fan pages”

Increased visibility and re-use

Customers can view/subscribe/join without ever seeing your site

Surface your external social content on your site

1 out of every 6 minutes people spend online is on a social networking site

Send to Twitter: Workflow in Action

Content added to a SharePoint list triggers an approval workflow, which results in a REST POST to Twitter. Store the OAuth credentials in the SharePoint 2010 Secure Store Service so that staff members can sign in and post via the company account.

Content of tweet needs to be approved before posting

Register an application with Twitter to use their API.

REST Based api using OWA to allow approval

Set up OAuth: register the application with Twitter to get a consumer key and consumer secret, then, while logged in as the company’s Twitter account, generate the access token (and token secret) that the REST API requires.

Now go into Secure Store Service and add a new target application with Group access (a single set of credentials shared by the approvers), although you could have different Twitter profiles with individual credential sets. Define the fields being captured (Screen Name, Token, TokenSecret, ConsumerKey, ConsumerSecret).

Demo of creating automatic tweet via workflow that includes page title (for a press release) and then a link back to the page automatically

Other Integration Scenarios

Leverage FAST Search for dynamic content  with the FB Graph API

Connect BCS to Twitter – use native UI and WebParts with twitter content

Federated Search of Twitter, YouTube etc

Use federated login to Live or Facebook – use native SP Claims Based Auth instead of using the FB Connect plugin. Allows for audience targeting or storing a rich SP user profile

Allows for back end LOB integration (ex CRM, SAP, etc)

Tips and Considerations

Do you need to own the conversation / content?

SharePoint’s Social Networking capabilities require login

Linking is tied to pages / URLs – if pages change or are deleted the conversation goes away

Performance of plugins – Facebook like button is at least 2 calls to Facebook. You could try to load JS asynchronously after pages load to keep down load.

Reference javascript in master pages or page layouts

Tuesday, October 04, 2011

SharePoint Conference 2011: Developing SharePoint Applications with HTML5 and JQuery

These are my (very) rough notes of a session by Ted Pattison at the SharePoint 2011 Conference in Anaheim.

It was a great session – Ted went into great detail in a short amount of time – and it was very entertaining.

Agenda

  • Using JQuery with SP 2010
  • HTML5 Fundamentals
  • Leveraging HTML5 Features in SP2010
  • Adding support for IE8 and IE7

JQuery Fundamentals

JQuery was designed to hide differences between browsers.

Design focuses on 2 primary tasks:

  1. Retrieving sets of elements from HTML pages.
  2. Performing operations on the elements within a set

Linking to the JQuery library -  link to Microsoft CDN. Or you can add JQuery source to SharePoint environment in _layouts directory or via content DB in site collection. Adding to _layouts is not friendly to sandbox of Office 365

Tip: Use the <SharePoint:ScriptLink> control in the page layout (or master page) to reference the script

Tip: Create a feature to deploy the library. Deploy as Visual studio solution and deploy the wsp file which contains the JQuery script files and uploads them as a module.

Configure IntelliSense for JQuery

Copy JQuery source files to folder on local machine

Need a way for JQuery code to fire at the right time (when the DOM is available).

DocumentReady Event Handler

JQuery Objects

JQuery object represents a collection of zero or more elements referred to as a “Wrapped Set”. Example:

$("p").css({ "color": "#333" });

Most objects are created to cascade (i.e. do a bunch of things at once)

JQuery leverages familiar CSS selector syntax

Demonstrated using Browser debugging tool (which can be used in Office 365) to create new HTML tags dynamically using the DOM

JQuery UI Widgets

Pre-coded UI components based on built-in theming scheme – an extension to the core JQuery library

JQuery UI Widgets:

  • Auto-complete
  • Date Picker
  • Slider, Progress bar
  • Tabs
  • Accordion
  • Dialog

Download themes – which have CSS files you can use to configure the colours and look and feel

Working with Data

JQuery Templates: An additional extension – this is in BETA.

Templating mechanism for replacing XSLT transforms

Provides strategy for converting data collections into HTML

Demo: Creating an HTML Table with JQuery templates and making AJAX Calls with jQuery

Makes it possible to call REST based services

_vti_bin/listdata.svc exposes every SharePoint list as a REST (OData) feed – Atom/XML by default, JSON when the request asks for it (as $.getJSON does)

$.getJSON(requestUrl, null, OnDataReturned);

You can POST using JSON to the SharePoint _vti_bin/listdata.svc list

Edits – before updating, keep the item's ETag (returned in the entity's __metadata.etag) from when you read it, to detect whether another user has updated the list item in the meantime. Send the update as a MERGE with an If-Match header carrying that ETag; if the ETag no longer matches, the service rejects the update (412 Precondition Failed) instead of silently overwriting the other user's change.
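
An added example (not Ted's code) in JavaScript that shows the ETag round-trip against listdata.svc. To run offline it uses an in-memory stand-in for one list; the list name, the sample item and the W/"n" ETag format are assumptions, and the equivalent jQuery call is shown in a comment. What it demonstrates: a MERGE conditioned on the ETag you read fails with 412 if someone else changed the item first, whereas If-Match: * silently overwrites.

```javascript
// Added example, not from the session. The list name, sample item and ETag
// format are assumptions; the real service is reached over HTTP.

// Stand-in for one list exposed by _vti_bin/listdata.svc. Every successful update
// bumps the item's version, and the ETag is derived from that version.
function makeFakeListDataService() {
  const items = new Map([
    [1, { version: 1, data: { Id: 1, Title: "Q3 press release", Status: "Draft" } }],
  ]);
  const etagOf = (rec) => `W/"${rec.version}"`;
  return {
    // GET /_vti_bin/listdata.svc/PressReleases(1) with Accept: application/json
    get(id) {
      const rec = items.get(id);
      if (!rec) return { status: 404 };
      return { status: 200, body: { d: { __metadata: { etag: etagOf(rec) }, ...rec.data } } };
    },
    // MERGE /_vti_bin/listdata.svc/PressReleases(1) with an If-Match header.
    // The change is applied only if the caller's ETag still matches the item's.
    merge(id, ifMatch, changes) {
      const rec = items.get(id);
      if (!rec) return { status: 404 };
      if (ifMatch !== "*" && ifMatch !== etagOf(rec)) return { status: 412 }; // Precondition Failed
      Object.assign(rec.data, changes);
      rec.version += 1;
      return { status: 204 };
    },
  };
}

// Client side: read the item, remember its ETag, send the edit as a MERGE that is
// conditional on that ETag. With jQuery the MERGE is tunnelled through POST:
//   $.ajax({ url: itemUrl, type: "POST", contentType: "application/json",
//            headers: { "X-HTTP-Method": "MERGE", "If-Match": etag },
//            data: JSON.stringify(changes) });
function updateItem(svc, id, changes) {
  const read = svc.get(id);
  if (read.status !== 200) return { ok: false, reason: `GET returned ${read.status}` };
  const etag = read.body.d.__metadata.etag;
  const write = svc.merge(id, etag, changes);
  if (write.status === 412) return { ok: false, reason: "item changed since it was read; reload and retry" };
  return { ok: write.status === 204, etag };
}

// Two users read the same item; the second writer must not silently win.
function lostUpdateDemo() {
  const svc = makeFakeListDataService();
  const seenByAlice = svc.get(1).body.d.__metadata.etag;                 // W/"1"
  const seenByBob = svc.get(1).body.d.__metadata.etag;                   // W/"1"
  const alice = svc.merge(1, seenByAlice, { Status: "Approved" }).status; // 204, version becomes 2
  const bob = svc.merge(1, seenByBob, { Status: "Rejected" }).status;     // 412, Bob's ETag is stale
  const blind = svc.merge(1, "*", { Status: "Rejected" }).status;         // 204, If-Match: * overwrites
  return { alice, bob, blind, finalStatus: svc.get(1).body.d.Status };
}

module.exports = { makeFakeListDataService, updateItem, lostUpdateDemo };
```

The last line of lostUpdateDemo is the cautionary part: code that sends If-Match: * (or omits the header) gets the lost-update problem back, so treat a 412 as a signal to re-read and re-apply rather than as an error to retry blindly.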

HTML5

SharePoint uses XHTML 1.0 and CSS2.1

HTML 5 allows page elements to degrade gracefully. Adds JavaScript APIs and some new properties

Motivations to move: Want CSS, JavaScript and HTML to work well across all browsers. Want to target mobile devices.

Primary pain points: browsers only support portions of HTML5, and IE did not offer HTML5 tag support until IE9.

New functional elements such as canvas, geolocation, video and data list

CSS3 Changes

Borders can have rounded corners. Colors can be expressed with gradients and opacity. Text can have drop shadows and more control over text wrap. Partial adoption of new properties has been going on for years.

New JavaScript 5 APIs

Not universally supported

Demo of creating a master page supporting HTML 5 – add document type and some new tags.

You still need to keep some special named HTML divs for SharePoint 2010 (for the Ribbon)

Creating an HTML 5 Site

Demo: Creating pages using new HTML 5 features: use the canvas, use SVG graphics

Videos: tip – include multiple sources for video formats because for the moment browsers support different formats

Geolocation: navigator.geolocation.getCurrentPosition() tells you where you are; use that position to load a map with JavaScript

Browser Support Fallback

IE8 and 7 still make up significant amount of user base

Polyfills are a way of providing fallback functionality for older browsers. Supporting older browsers begins with Modernizr, an open source project that detects which features the browser supports.

Some things you do in HTML5 will not work in IE 7 or 8 no matter what you do.

Added ScriptLink to the Modernizr script. Modernizr allows you to specify via CSS and JavaScript what will happen if the browser does not support one of the items (such as the new Canvas tag).