The biggest problem is the lack of competent management in many organisations today. Unfortunately most business schools don’t teach information technology and most IT schools don’t teach management courses. Business managers therefore don’t comprehend the decisions that need to be made to implement their policies and IT managers don’t have the ability to visualise business problems and enunciate them to management.
The ease with which business units can establish and start using SharePoint creates several problems for an organisation. Each instance of SharePoint is often an island of computing technology that is established for a specific purpose and fails to leverage corporate facilities. Let’s look at some scenarios:
1) Project Alpha establishes a team room to give the organisation a communications platform about the project, and to act as a repository for project documentation. There is no record in AD of the team members in Project Alpha, so the SharePoint administrator creates a SharePoint group and the project team manager is made the owner of this group. The result is an administrative headache, and the professional expertise of the project manager is being wasted.
2) The company decides to replace their document repository with SharePoint. Documents are categorised as Open, Department-Restricted, Confidential and Board. Board-level documents are available only to the Board of Directors with the site membership managed locally. The secretary of a board member then goes on vacation and a clerical assistant is brought in as a replacement and their account is added to the board membership. This person reverts to their substantive position when the board secretary returns but no one remembers to remove the account from the board membership.
3) The company embraces SharePoint as the company’s main portal and source of contact information on staff and contractors, with AD used as the source of identity information. Another instance is deployed by the project management office with project teams administered manually by each project manager. Another instance is deployed by administrative services as a controlled document repository with access controlled by document owners.
The problem is a lack of co-ordination. Because the management of these sites is fragmented there is the opportunity for site memberships to become out-of-date and inconsistent. A team member might update their phone number in their project team site but this information does not flow to HR or the central portal.
So – if you want to take advantage of the Azure cloud infrastructure – what should you do?
First – make sure your on-premise AD is clean. Most AD instances are dirty. There are disabled accounts that have never been deleted. There are schema extensions that have never been used. There are arcane attributes that have been hijacked for specific applications with the reasons lost to antiquity. You don’t want this rubbish replicated to the cloud.
Second – make some policy decisions. It’s quite possible for Azure administration to modify Azure AD. If this does not cause a panic attack, it should. Please ensure that directory mods occur on-premise and nowhere else (unless you’re decommissioning your on-premise infrastructure).
Third – rein in your SharePoint infrastructure in the cloud. There is the potential under Azure for a proliferation of SharePoint sites with individual SharePoint admins each doing their own thing when it comes to managing identities. Strict enforcement of an “AD-based” solution, with SharePoint groups managed from AD, will avoid tears in the future.
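One way to detect the drift described in scenario 2 and in the clean-up advice above is to reconcile each locally managed site membership against AD. The following is an added example, not part of the original post; it assumes the AD users, AD group memberships and SharePoint site memberships have been exported to CSV, and the column names, account names and sample rows are constructed for illustration.

```python
import csv
import io

# Constructed sample exports (not real data); column names are assumptions.
AD_USERS_CSV = """sam,enabled
jsmith,True
mlee,True
tclerk,True
oldsec,False
"""
AD_GROUPS_CSV = """group,sam
Board,jsmith
Board,mlee
"""
# Each site group names the AD group that should govern its membership.
SP_MEMBERS_CSV = """site_group,ad_group,sam
Board Documents Members,Board,jsmith
Board Documents Members,Board,tclerk
Board Documents Members,Board,oldsec
Board Documents Members,Board,contractor9
"""

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def audit_memberships(ad_users_csv, ad_groups_csv, sp_members_csv):
    """Return sorted (site_group, account, finding) tuples for site members
    that the authoritative AD data does not support."""
    enabled = {r["sam"].lower(): r["enabled"].strip().lower() == "true"
               for r in _rows(ad_users_csv)}
    ad_members = {}
    for r in _rows(ad_groups_csv):
        ad_members.setdefault(r["group"].lower(), set()).add(r["sam"].lower())
    findings = []
    for r in _rows(sp_members_csv):
        sam = r["sam"].lower()
        if sam not in enabled:
            finding = "NO_AD_ACCOUNT"      # identity exists only in the site
        elif not enabled[sam]:
            finding = "DISABLED_IN_AD"     # leaver still holds site access
        elif sam not in ad_members.get(r["ad_group"].lower(), set()):
            finding = "NOT_IN_AD_GROUP"    # added locally, e.g. a temporary stand-in
        else:
            continue
        findings.append((r["site_group"], sam, finding))
    return sorted(findings)

if __name__ == "__main__":
    for grp, sam, finding in audit_memberships(AD_USERS_CSV, AD_GROUPS_CSV, SP_MEMBERS_CSV):
        print(f"{finding:16} {sam:12} {grp}")
```

Here the temporary clerical account (`tclerk`) is still enabled in AD, so only the comparison against the governing AD group reveals that it was added locally and never removed.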
Bottom-line – Windows Azure promises you significant benefits – but you need to manage it.
Graham