User Profile Service Application - My Site on SharePoint 2010

Plan and set up for MySite in SharePoint 2010 are as below:

1. One of the Best practice for setting up My Site is to create new separate web application with "My Site Host" template Site Collection at root level.

2. Configure wildcard inclusion managed path as 'personal' with this new web application

3. Configure My Site settings for User Profile Service application.

4. Enable Self-Service Site Collection for this new web application which allows auto site collection creation when user clicks on MyContent in MySite for the first time.

There are number of other factors involved in planning of My Site

User Profile Service Application - Plan for User Profile on SharePoint 2010

A user profile is a collection of properties that describes a single user, along with the policies and other settings associated with each property. Some of the enterprise social networking feature that user profiles support are: my sites, profile pages, people searching, organizational charts, enterprise search, social tagging and audiences.

New user profiles are created in the following ways:

• If an authenticated user does not have a user profile, a new one is created using properties taken from the appropriate directory service when that user initially accesses his or her My Site.
• One or more new user profiles can be created using profile synchronization.
• A custom solution can be developed to create user profiles. 

A user profile is composed of a set of user properties. Each user property provides an item of information related to a user. User property values can come from directory services, business systems, or user input. You can set policies on each user property in a user profile to help govern how the information in that property can be used

Plan of User profile includes: Identify stakeholders, Identify how the profile information will be used, Identify directory services and business systems, Determine which properties to include, Determine property details, Determine personalization settings policies, Plan for capacity

User Profile Service Application - Plan for Profile synchronization in SharePoint 2010

Profile Synchronization : Connections to directory services - Each user that you want to have a profile in SharePoint Server must have an identity in a directory service. Using filters, we can choose to exclude profiles from synchronization.

Profile Synchronization : Connections to business systems - To import properties from a business system, you will need an external content type that brings the property value from the external system into SharePoint Server 2010.

Identify property mapping - To indicate that a user profile property comes from an external system, you map the property to a specific attribute of the external system. Certain user profile properties are mapped by default. You can only map a profile property to an attribute whose data type is compatible with the data type of the property. When you synchronize profile information, in addition to importing profile properties from external systems, you can also write data back to a directory service. You cannot write data back to a business system. Each property can only be mapped in one direction. You cannot both import and export the same user profile property. The data that is exported overwrites any values that might already be present in the directory service.

Synchronization groups : By default, SharePoint Server synchronizes groups, such as distribution lists, when it synchronizes user profiles. You can turn off this functionality from the Configure Synchronization Settings page of Central Administration. Synchronizing groups is only supported for AD DS.

Synchronization schedule : The first time that you synchronize profile information between SharePoint Server and external systems, you must run a full synchronization. After that, you should configure the User Profile Incremental Synchronization timer job to perform an incremental synchronization on a recurring schedule.

User Profile Service Application - Plan for Audience in SharePoint 2010

An audience is defined by a collection of one or more audience rules and by whether all or only one of the audience rules must be met when evaluating membership. An audience rule can be based on membership in a Windows security group, membership in a distribution list, position in an organizational hierarchy, or by a user profile property. To define each audience rule, you must select an operand, operator, and value.

Once an audience has been defined, it must be compiled on a regular basis because the underlying user profile properties and membership in directory services and groups can frequently change. An administrator schedules the timer job that controls when audiences are compiled.

To support a specific audience, you may find that you need to add more profile properties or distribution groups.

User Profile Service Application - Plan for Social tagging in SharePoint 2010

Social Tagging consist of Social Tags, Note Board, Ratings and bookmarklets.

Social Tags and Note Board can be associated with pages, library, items and much more. We can add tags and notes by using "Tags and Notes" control in ribbon (Farm feature "Social Tags and Note Board Ribbon Controls") which also has privacy setting. All these activities are visible in My profile under "Tags and Notes" tab.

Rating are associated with library and list for which we need to activate "SharePoint Server Publishing Infrastructure" feature. Go to list settings -> Rating Settings -> Allow items in this list to be rated - Yes. 

Managing Security in SharePoint 2010 Based on Metadata

Managing Security in SharePoint 2010 Based on Metadata

The most robust way of keeping your SharePoint manageable is to keep it's structure clean and clear, though business often introduces some complex rules and convoluted workflows. Degree of complexity even increases when it comes to governance and security.

One task of such kind that business demands is to secure document based on the metadata values. In SharePoint 2007 it usually leads to custom development or purchasing one of the 3rd party products (like one from the Titus Labs), luckily SharePoint 2010 came up to help. Let's say we were asked to assign custom permission level on the document based on it's category, although to make it harder assume that document can have multiple categories.

The following picture shows security matrix to be implemented:

Here are the steps to achieve this using out-of-the-box Content Organizer feature, folder based security structure and Metadata Navigation.

1. Create "MD Document" content type
2. Add Managed Metadata column "Document Category" to the content type with the following Taxonomy

3. Add MD Document content type to a "Documents" document library.
4. Create three folders in a document library "Public", "Confidental", "Top Secret". Break permissions inheritance on these folder and assign desired permissions in accordance with security matrix.
5. Go to site settings and activate Content Organizer feature.
6. Add content organizer rule to route documents having Accounting category to a Top Secret folder.

7. Create rules for all category types. Less privileged category should have higher rule priority.

Starting from that point all documents that a user uploads to a Documents library will be processed by Content Organizer and placed in a secured folder based on a document category, i.e. secured based on the metadata.

A user will be informed by the following message in the upload document dialog:

And when category field is set up, document will be automatically routed:

Also, I like to use Metadata Navigation and Filtering feature in order to make navigation over categories more convenient. Activate this feature in Site Settings, go to document document library settings, then Metadata Navigation Settings and add Document Category column to the Selected Hierarchy fields. That will add a nice looking category tree to a documents list.

SharePoint 2010 Virtualization

With virtualization we can have multiple virtual servers(OS) on the single physical server. For example we can have web server, application server and database server on a single physical server.This approach not only help with cost reduction and maintenance but also with response time, high availability and scalability with business needs.

For SharePoint 2010 virtualization, Windows Server 2008 R2 with Hyper-V contains tool set which help to achieve reduces cost and increase performance.

Benefits of Virtualization:

1. Restore previous server instance: Administrator can take snapshot of the servers on timely basis so that if something goes wrong with server settings or installation, he can restore previous server's snapshot.
2. Virtualization tool-sets ensures that physical hardware like processor, RAM are used to the full capacity. For example: In a small physical farm, we have 2 web servers, 1 application server, 1 DB server. There are times when these physical servers are not used at full capacity. Virtualization handles these parameters dynamically in-turn increasing application's performance.
3. Multiple applications with different software requirement can sit on one physical server. For example: We have MOSS 2007 portal and SharePoint 2010 portal to deploy on PROD. We can create 2 different operating systems on same physical server using virtualization.          
4. We can scale up or down easily with virtualization. For example, a small organization can use virtualization to built small farm (2WFEs,1App,1DB) on single physical server and as organization grows they can easily add couple of physical servers instead of switch from stand alone to small farm. 
5. Dynamic memory distribution treats memory as shared resource that can be reallocated automatically among running virtual machines

Generally Indexing server and Database server are not virtualized because they actually consume all the resources of physical server and there is little scope of physical server's resource sharing using virtualization.

For virtualization best practices and configuration follow below link: http://www.microsoft.com/en-us/download/details.aspx?id=19508