Monday, 2 February 2015

Encrypting Content databases

Overview: TDE is Transparent Data Encryption, where you can encrypt your "data a rest", this encrypts the SQL mdf and ldf files.  Few enterprises require TDE for content database but if your customer has specific enterprise security requirements (Encryption at Rest for High Confidential data) or compliance requirements such as SOX, HIPAA, or Payment Card Industry Data Security Standard (PCI DSS) TDE may be an easy win.
  • TDE is only available from SQL 2008, 2012 and 2014 Server Enterprise Edition.
  • SP Blobs are stored outside of mdf so they are not encrypted by TDE.
  • Only Content databases can be encrypted (not verified).
  • Search indexes are obviously not encrypted by TDE.
  • Encrypting the Connections to SQL or IPsec is needed to encrypt data between SP and SQL, not covered by TDE).  Nor are any call to web services or data in transit, use SSL.
  • TempDB is encrypted even if only 1 db is using TDE.
  • Applies to SP2013 On-prem. farms only.
More Info:
Storage and SQL Server capacity planning and configuration (SharePoint Server 2013)

Sunday, 25 January 2015

Auditing in SharePoint 2013

Overview: SharePoint provides excellent logging capabilities, to retrieve the auditing logs Site Settings > Site Collection Administration > Audit log reports.
  • By default auditing is enabled in SharePoint.  PB: I think this statement if false, all the farms I review are not logging information in the audit logs.
  • Auditing is done at a Site Collection level.
  • Audit logs are kept for 30 days by default and can be change via the UI in the site collection and the clean up is controlled by CA.
  • Audit logs are stored within the content database, so watch the size of auditing logs.  They can take up considerable space in the content database so don't just audit everything and keep the logs endlessly.
  • Permissions changes, check-in/check-out, search queries, edits, document views (not SPO), ... can be audited.
  • Various reports can be downloaded into excel for slice and dice such as the Security settings audit log report.
Centralised Auditing Product:
LepideAuditor Suite – SharePoint
LogBinder SP

Sunday, 18 January 2015

What are SharePoints Competitor Products

Overview:  SharePoint does not stack up against any single COTS product easily due to the size and functionality offered.  This post is my opinion and I am not an expert in any of the competing products.
A few years back I wrote a post that is till somewhat relevant form SP 2010 competitors.

This post aims to list competitor products in a vary broad sense and tries to highlight the areas that where the product and SharePoint perform a similar function.

Beehive from Oracle, lines up to Lync, Exchange/Outlook and SharePoint
OpenText, lines up some of SP's functionality such as blogs, Wikis and document collaboration.
Search competitors:
  • Endeca (Oracle)
  • Autonomy (HP)
  • Google Search Appliance or Google mini
  • Coveo
  • Solr (check this out)
CMS Competitors
  • SiteCore
  • Umbraco
  • Druple
More Info:
If anyone has further information please reply as this is not an exhaustive set of lists.  My experience of rival products is fairly limited.

Sunday, 11 January 2015

Minification Tooling

Overview: Minification is the process of combining multiple css or js files, removing whitespaces and comments to improve web site performance.

YUI Compressor(Yahoo)
Web Essentials(Microsoft)
Google Code Compress (Google)

I'd always go for 1 of the Microsoft tools: Web Essentials or Mavention as the plug into Visual Studio, as a SharePoint guy this would be my preferred option.  Both the MS tools appear to use the same engine as the compression appears identical, work out to roughly 60% on both CSS and JS compression.

Tuesday, 16 December 2014

SharePoint 2013 Public Website Check list

This post is under development and needs to be added to ....

  1. Responsive design vs Device channels - Does the site switch resolutions and browsers gracefully.  RWD vs AWD (Adaptive Web Design)
  2. Broken Links: Check My Links 3.3.4 is a plugin for Chrome to check a page for broken links (go over main pages at least)
  3. Fiddler - Use for 404, and other errors, look for dodgy urls and headers being passd around.
  4. Charles is a similar tool - helps with broken links, size of files, shows web calls, review response headers, size of files and speed of execution.
  5. Minification - is the minimisation of JavaScript and CSS.



All devices and browsers (1. PC/laptop (IE 11-IE7, Chrome, Firefox, Opera, Mac/Safari), 2. Phones(iPhone, Android OS, Windows OS), 3. Tablets (Android, MS/Surface, iOS/iPad).

Helper Tools: - Nice tool to add Social bookmarking service for your websites. Collects stats TypeKit - Nice for Fonts, review the licensing needed.

  1. Check Internal Search is not returning passwords
  2. Check google is not picking up passwords/confidential data 
  3. Remove response headers:
  4. MicrosoftSharePointTeamSiteServices(versio), X-Powered-By. X-SharePointHealthScore, X-aspNet-Version) Performance X-SharePointHealthScore

Wednesday, 3 December 2014

SharePoint 2013 workflow

Overview:  SharePoint 2013 has a workflow engine, you can still use SP2010 workflows.


Thursday, 27 November 2014

One Drive terminology in a picture

Problem: Confused by SkyDrive / OneDrive / My Site One Drive for business and MySite now call OneDrive with OneDrive labelling?