
Liam Cleary [SharePoint MVP]

February 22
SharePoint – Document and Records Management

Yesterday I presented a Virtual User Group meeting for www.thesug.org on Documents and Records Management. Based on this I thought it would be useful to recap my own thoughts on this and where SharePoint really stands.

Firstly let's ask ourselves what is document management?

In my mind this quote sums up what it is:

"Document management controls the life cycle of documents in your organization, from how they are created, reviewed, and published, and how they are ultimately disposed of or retained as records".

In reality though, document management is the core component of the Enterprise Content Management or ECM nirvana that we try to attain in the many organizations that we visit with/work with. If you were to look at what you do in your daily work you will see that you fit into one of the following three categories for document management:

  • Store Electronic or Physical (locations) documents and images
  • Manage Electronic or Physical (locations) documents and images
  • Track Electronic or Physical (locations) documents and images

 

You may also be involved in capturing paper based information as part of your role, all of which constitutes the idea that document management is an integral part of what we do each day. Think about how much easier it would be to run a document management platform at home to categorize your bills or even tax details. Even though you do not have a document management platform at home you will however follow the core defining principles of document and records management in the way you save, file and retrieve those receipts, bills or tax details. We are never free from the document management woes, whether at work, school or home.

Secondly let's ask ourselves what is records management?

This is more complex to define as this can mean many things to different people and organizations. For me it comes down to the following processes:

  • Creation
  • Receipts
  • Maintenance
  • Use of…
  • Disposition of…

 

It is all about the end game of the documents and files that we work with. It is about the time that we retain these, so for example I am sure thinking back to your home, that you have wage slips from many years ago, bills from a year ago and of course tax return copies etc. that you store. This is what records management is, the final process of the document lifecycle process and really the storing of them based on some kind of retention logic.

So now we know what document and records management are, how can we be successful with whatever the platform is? For me I work as a Solution Architect, so I am involved directly inside organizations assisting them in this exact question. Based on this the following is a list of core items that will bring about success irrespective of the technology platform you may decide on.

 

  • Map Document Management Requirements to Business Objectives
  • Setup a reliable Document Capture process
  • Secure access to the sensitive documents
  • Optimize the use of Workflows
  • Maintain Document Life Cycles
  • Use guidance from the core Standards
  • Ensure retention Hold process is followed
  • Communicate and Train the records staff and end users who will be declaring records
  • Monitor the content, ensure compliance is met
  • Automate the "destruction process"
  • Ensure a "destruction log" is kept

 

This is not everything that will make your implementation a success but will go a long way into helping you as a business to refine the processes and platform you choose so it can be a success.

 

Now that we understand the core objectives and how to be successful, we are able to take this list to the platform of choice and apply it. In my case SharePoint is squarely at the top of the tree, not that it does everything but it is a great platform to use.

 

So what does SharePoint bring to the table for both Document and Records Management?

 

Document Management

 

  • Check In / Check Out
  • Versioning
    • Comparison
  • Managed Metadata
    • Structured
    • Folksonomy
  • Content Types and Site Columns
  • Metadata Navigation
  • Folder Structure and Filtering
  • Item Permissions
  • Document ID Service
  • Social
    • Ratings
    • Tags and Notes
  • Rule Based Submission – Content Organizer

 

Records Management

 

  • Full Document Management Capabilities
  • Document ID
  • Multi-Stage Retention
  • Per-Item Audit Reports
  • Hierarchical File Plans
  • File Plan Report
  • Taxonomy and Centralized Content Types
  • Content Organizer
  • Virtual Folders – Metadata Navigation
  • In-Place Record Declaration
  • Support for tens of millions in a single record center
    • More in a distributed archive scenario

 

Each of these features has been built to assist you in "building" the right solution. Yes I said "build" the right solution. SharePoint is too big a platform to be a single point solution. It has many capabilities and as such, it means some areas are strong and others are not so strong. For an organization moving to a new intranet for example and who has a document or records management requirement, SharePoint fits the bill completely.

So let's look at some of the core features that are baked in to SharePoint. The following four are great enhancements that make the document management process easier to use.

Document Sets

This is a great addition to SharePoint, finally the ability to group documents into a single logical component that can also be declared as a grouped record.

To create a document set, first ensure that the document set content type is available on the library. Then you are able to select the "New" option and select it.

I have completed the base name as follows:

You will notice now that a document set has a very unique landing page.

If we wish to add files you can use the standard approach and then they will be listed as shown below:

You will notice that there is a custom ribbon bar available for management of the document set, one of which is the "Send To" link. If I select this I am able to send the entire document set over to a records center (this was configured previously).

Once the send to option has completed you get returned to a page letting you know it has been processed and moved. Notice that the document set has actually been zipped up automatically.

Over in the records center where I chose to send it we can see the new zip file.

This is a great feature of SharePoint for both document and records management.

Metadata Navigation

SharePoint is a fantastic platform for supporting large amounts of documents and files however it is not always easy to filter and find the files you need when inside a document library. Yes we can use folders, views and the filtering capabilities but one feature that is extremely useful is the metadata navigation. This can be enabled in the settings for the list:

This will then render like this:

This allows for dynamic filtering of the content by either content type, or specific values from the content type. Great addition, especially when you perhaps want to declare specifically tagged documents as records.

Content Types

We could write many blog posts about this, but this is really the key. Define the site columns (metadata columns you wish end users to complete), assign them to content types and add those to your libraries for use. A great feature in SharePoint 2010 is the Content Type Syndication ability. This really helps when working with record centers etc. as the content types you wish to use need to also exist within the records sites and be associated to the record libraries. Content Type Syndication does this really well, where a single site is used to create all the content types and then timer jobs within SharePoint push those that are set to publish down to the subscriber sites.

When these are pushed down they appear as shown below:

However if you try to edit them all of the core options are removed.

The same option performed in the content type hub would allow for full modification of the content types.

This is a great option to consider when using multiple web applications or site collections. The content type hub will also push down the retention policies that are configured.

Content Types in general are the key to tagging content.

Social Tags and Notes

In my mind joining the collaboration and records management processes with social networking is how the content will get better and better and the system will almost maintain itself by the extra metadata that gets applied such as tags and notes. The logic here is we are in a document library I can select a file and tag and add notes to it that others can review. This document for example has been reviewed by two users who added further "folksonomy" tags.

The note board option allows for other comments to be added also.

Single or multiple files can be selected which will then enable the "I like It" and "Tags & Notes" options.

A side effect of this is that these tags and notes etc. are surfaced directly onto the activity feed of the user's profile.

Records Management has some great enhancements also that go above and beyond the document management ones. The essential ones are the following:

Records Center

The records center is really just a custom site but has some hidden gems for configuration. The base site when accessed does not really walk you through what you need to do, so you will need to access the site settings link.

Now you are able to follow the list of what to do

Firstly create the Content Types, (content type syndication helps here), then create records libraries, this is just as simple as creating a regular document library.

NOTE: Ensure the content types you wish to allow, are added to the library at this point.

I created the following base record libraries:

Now we need to tell the record center how to route the types of content into the correct locations. The content organizer helps us here, will discuss this a little later.

In reality the records center is the core engine of storing the records and gives you a great simple interface to access them from.

In-Place Records Declaration

This is a great feature to allow documents to be declared as records in the location they currently reside.

Or using the compliance details screen from the item menu you can perform the same option.

Once declared it is displayed as shown below:

A great feature with in-place declaration is the ability to un-declare a record back to a document, so this helps in environments where you need to control documents and records lifecycle and often change the process.

Content Organizer

The content organizer is a great new feature that can be used across the site not just in a records center. To use in the records site you simply add rules as if you are adding list items. In my site I have the following:

If we look at the first rule:

We can see that I am checking the content type, checking a specific condition which is then routing into a record library and then a subfolder. If we edit the rule we can see the user interface for this:

Routing rules are very clever in respect to understanding the base content types, so for example if you had the following:

Site Collection 1: Sales Proposal Content Type

Site Collection 2: External Sale Proposal Content Type

Site Collection 3: Internal Sales Proposal Content Type

 

All of these when sent to the records center can be sent to the same location based on selecting the checkbox to allow other names from other sites.

Once these are defined then the actual storage location can be configured:

This is a great feature as the end user can simply create a document tag it accordingly and then send it to the record center knowing it will be routed to the correct location.

Based on the type of content and this condition we configured earlier, this document should be routed to the Invoice record library and specifically the 2013 folder.

Retention Policies

The real key to records management is the retention policies. SharePoint supports multi-stage retention policies applied using "Information Management Policies". These can be added at the content type level and this works really well, ensuring that a consistent approach is used. An example is as follows:

Clicking the "Add a retention stage" displays the following wizard:

Event Trigger:

Actions:

You have great flexibility in configuring these for specific content types. Once this is applied to a content type, irrespective of where the file resides it will also have the retention policy applied unless it is on hold.

The compliance details for the file display the current event and when it has passed and where it currently sits. SharePoint 2010 is very flexible and gives us great features that are fairly easy to configure.

So based on some of the core features where does that leave us?

For me SharePoint 2010 has been and continues to be a "game changer" bringing document and records management to the masses. Great investments from Microsoft for both are what make this a great platform to use. If I were to rate out of five both feature sets I would say the following:

Document Management

Records Management

I think that both areas can be updated but for now to give you the extra level up for Records Management I would suggest looking at a 3rd Party solution such as these, I know there are more but these ones stand out:

  • Autonomy ControlPoint for SharePoint
  • OpenText Application Governance and Archiving for SharePoint
  • Laserfiche Records Management for SharePoint
  • GimmalSoft Compliance Suite for SharePoint

 

All in all for a base implementation I would suggest to use out of the box first and scale and update later. Now the core things to remember:

 

  • SharePoint is not a "dumping ground"
  • Solution is only as good as it is implemented
  • Records Compliance such as "DoD 5015.02" will need a 3rd Party
  • SharePoint is a Web Based Solution ONLY, no real client application as such
  • Train, Train and then Train your users again

 

These items if followed along with the best approaches for success will enable you as an individual or organization to implement a great document and records management platform.

 

January 30
Are you internet addicted?

Like most of you out there, I have spent quite a bit of my life travelling, staying in hotels and generally being away for work. Sometimes this is great and exciting, sometimes it is not. If you speak to anyone who travels for work they will say it is kind of like a "love / hate relationship", whereas everybody who doesn't travel thinks it is the most exciting thing ever. I remember while living back in the UK, travelling to Athens, Greece for work. As much as this was exciting, most of what I saw was the Plane, Taxi, Hotel, then the client offices, and of course then in reverse when leaving. My post today is not about whether or not travelling is good or bad but about my own experience and dependencies on little things that make my life easier when travelling.

A few weeks ago I travelled out to Seattle for client meetings, as I always do where possible I don't check a bag, I reduce what I take to the smallest amount of essentials so I can skip out on the extra hour of time at any airport waiting for my bag back. However one thing that I don't skip on is my work bag of "geeky" stuff. Travelling back in the UK, this was never really an issue as I either drove or caught the train, but here in the US, flying is the norm. So I packed my bag and went to Dulles airport.

I am a great advocate of "saving the trees" where possible, so choose depending on the airport to check in online using my iPhone, and use the digital ticket they give you, feel like I am doing my part to save the trees.

You all know what comes next, the exciting airport security line that can be the easiest or the hardest thing you ever have to do when travelling. Luckily for me this time was very easy. However I arrive at the security barrier, start to almost strip down to my underwear (there's an image for you) and then unload all of the required items that have to be scanned separately. So while doing this one of the TSA staff is watching me and then comes over to me and asks me "why I needed all the devices" that I had placed in various trays. So to explain I had the following:

  1. Windows 7 Laptop for Work
  2. Apple MacBook Pro for Work
  3. iPhone
  4. Kindle Fire
  5. Regular Kindle (forgot about that being in my bag)

What I also had was multiple external USB hard drives in my bag which always causes a double take by the TSA bag screener. So my response was very simple, "yes", I do and I then proceeded to explain and justify why I needed all the devices with me. At that moment I suddenly found myself asking if I did really need to carry all the devices. Both laptops would have worked, so one would have done, I get internet, email etc. on both my laptops, kindle and phone, justification being some devices rely on Wi-Fi others on the cell phone network.

Isn't it funny to think that in a world when the devices are supposed to do "everything" we can imagine we still end up carrying multiple devices, because the devices we need are different based on the task in hand. Now skip forward to Austin, Texas the other week sitting in the airport with a few colleagues who had attended and spoken and to a very awkward conversation that right now I cannot remember who started it, but it related to my obsession with devices and then the connectivity that I need *ALL THE TIME*.

Are you like me where you really feel it when you don't check your email, don't surf the internet randomly or just know you have a connection? Sounds bad I know, but with travelling around you soon get an appreciation of a good internet connection, some hotels are good, others are bad, sometimes my cell phone works so I can use it, other times it does not, and of course unless you are on a plane carrier that has Wi-Fi the flights can be very long when all you need or want to do is send that email or check Facebook or Twitter.

Surely I am not alone on this, so while sitting in the Airport, a friend Bill English said that when he finishes work on a Friday he "un-plugs" until he has to go back to work on Monday. I was amazed that he could do that. For me I have my phone with me at *all* times, just in case someone whoever it is needs to send me an email, text, tweet or a Facebook message. I like the feeling of being connected and really do feel a little disconnected and almost out of it when not connected or at least have access to some device that is online the whole time, kind of reminds me of being in the "matrix".

So does this mean I am an "internet junky"?

Do I have an addiction? Is it time for me to let go of a device for a few hours and wean myself off the need to be connected?

My own thought is maybe it is time to let go a little and enjoy the time away from it. I am not alone in this, I go and see my son playing football (soccer) and I am not the only parent who is on the phone at some point checking in on Foursquare, Facebook or tweeting how great my kids are. In my mind this is fine however, we seem as humans to be moving away from the idea that talking to people is accepted, now we ask people to "email me", "ping me", send me a "Facebook or Twitter Message", are we going to end up not speaking in the future? I don't think so but maybe it is time to let go a little and go back to the idea, as Orange in the UK always had on their commercials, "it is good to talk".

Maybe I will start wearing this T-Shirt to spread the word and maybe you will think about your own "connectivity addiction" :)

December 23
Merry Christmas and Happy New Year

Well it is that time again, the joyous Christmas season. It has been a very busy year, great work, great conferences and it has been fantastic to meet a lot of you this year. As I think of this time of year, I reflect at where I am at, what I have done and what I wish to achieve this next year which helps me to prepare for the next year. As I thought about this I was reminded to say a big "thank you" to everyone who I know and those I don't know who follow my blog. Thank you for your support, reading my posts and commenting to make the posts useful.

I hope that you have a great Christmas Season and a great start to the New Year. 2012 is going to be a great year; I would even say it will be the year of "SharePoint". Many organizations have now seen the light and are adopting it more and more, which means we will all be working very hard again next year which has to be a good thing.

So here's me wishing you all a great start to 2012, hopefully see you at a conference this year.

Merry Christmas and a Happy New Year!!

December 19
TFS Preview

So as you may all be aware Microsoft has released a preview of Team Foundation Server in the cloud for everyone to try. What a great idea, it makes perfect sense to me; I had been investigating a hosted TFS solution a while ago but had been deterred by the cost, but now with Microsoft hosting it along with the other Azure Services this could be a viable option. So if you have not got an account, then head over to http://tfspreview.com and use the following code: TfsDecUpdate, if this does not work then you will have to wait for the next update, I would assume in January.

Once you have created your account you should end up with a page that looks similar to this:

Once you have the site up and running, you are then able to create a TFS project just as you would if you were using the on premise TFS.

As you can see at the moment there are three templates available for the project; for my demo I am going to use the first one.

Once you have completed the form the creation process will begin.

This may take some time, once done you will see a confirmation screen, if you get any errors at this point, the screen will close out but the process will continue. Once completed you will then be left with the project listed on the left.

The name of the project is hyperlinked directly to the project site so once clicked on it will load as shown below.

So as you can see it has some similarities with the TFS web tool that you can use if you have an on premise installation. A very cool feature though is the ability to add members to the projects. To do this click the "Manage Members" link on the right.

The original account you used for setup will be listed. You can then select the "Add" menu item where you can either add a user or a TFS group.

For my demo I am going to use "Add User", which presents a people picker that is wired to the Windows Live platform.

You do not have the ability to search the Windows Live directory, but you can search within the current users you have allocated to the TFS site. I simply added my MSN email that was not added and clicked okay.

 

The picker will validate the account and allow it to be added, which will then redirect you to the summary page of all members.

 

When you go back to the home page now you should see the other account(s) listed in the member's control.

So now we have our project created, members added what else could we do? Well we can create product backlog items, tasks, bugs, impediments and test cases. This is done using the links on the site, so as an example to add a task, click the following button.

And then complete the form as needed.

Once you have TFS items in the system you can allocate them to users and use them in exactly the same way as TFS on premise.

The user interface is fantastic, so I can click the "Work" link and view my product backlog and sprints, boards and work items that are associated to me.

You are also able to access the source from the main navigation.

You also have the ability to view the builds you have scheduled and completed builds.

Now to work with it locally from Visual Studio you will need to download the add-in, which will enable you to connect it as if you were using on premise TFS.

You access the required download if it is needed using the following page:

http://blogs.msdn.com/b/visualstudioalm/archive/2011/09/14/tfs-preview-downloads.aspx

All in all so far it works really well, will post some more in a future post, enjoy :)

December 05
SharePoint 2010 and Azure Access Control Services – Part 2

So in the last post we setup the Access Control Services with the following:

  1. Custom endpoint name (helloitsliam for me)
  2. Yahoo Identity Provider added
  3. Claim Mappings generated from Yahoo
  4. Certificate loaded

Our next task is to tell our SharePoint environment to use this Identity Provider, this will use Windows Azure acting as the proxy for the other providers behind it. So to begin with make sure your SharePoint server has internet access, sounds silly I know but you never know. So now we have this, we need to use PowerShell to enable a Trusted Identity Provider, for this I will explain the PowerShell.

The first part is to declare the certificate that we used in the Access Services into SharePoint so we have a mapping for both environments:

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("{Path to SSL}.cer")

Next we need to setup our claim mappings that SharePoint will expect from Windows Azure upon a successful login.

## Generic Claim Mapping for Email Address ##

$map1 = New-SPClaimTypeMapping "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "Email" -SameAsIncoming

 

## NameIdentifier Mapping for Windows Live ID ##

$map2 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" -IncomingClaimTypeDisplayName "UPN" -LocalClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"

 

Next we need to set the realm that is expected and presented to SharePoint as well as the actual sign in URL that SharePoint will use when someone tries to login. The realm can be a URL or a URN, so for example I am using a URL, "http://sharepointcloud.domain.com" but a URN could be used such as "urn:helloitsliam:sharepoint". To get the sign in URL, access your Access Control Service and select the "Application Integration" link.

 

 

 

To get the exact URL you need, you can use the WS-Federation Metadata link, open it in your browser and it should then display the raw XML, which if you search for "<fed:PassiveRequestorEndpoint>", will display the exact sign-in URL like mine:

 

 

 

So our PowerShell is now, obviously replacing "{name}" with your selected namespace prefix.

 

$realm = "https://sharepointcloud.domain.com/_trust/"

 

$signinurl = "https://{name}.accesscontrol.windows.net/v2/wsfederation"

 

Now to add it all together, we use the following command to add the Trusted Identity Provider, set the Name, Claim Mappings, Certificate and sign in URL. The most important part is the setting of the "Identifier Claim", this is the one that you will see in the Welcome Control and SharePoint will use as the identifier for any user.

 

New-SPTrustedIdentityTokenIssuer -Name "Windows Azure ACS" -Description "Windows Azure ACS" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map1, $map2 -SignInUrl $signinurl -IdentifierClaim $map1.InputClaimType

 

Finally we set the certificate as a "Trusted Root Authority" in SharePoint using the following:

 

New-SPTrustedRootAuthority -Name "Windows Azure ACS Signing" -Certificate $cert

 

There we have it; the only other part is to add the certificate tree as trusted certificates also. So for my example I now have the following:

 

 

The Comodo Root, the core Certificate Authority and then the one we set in the PowerShell above. If you are not sure of the tree, open your certificate and check the certificate path as shown below:
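
One way to script the "add the certificate tree" step, as an added example that is not part of the original post: it walks the chain of the signing certificate loaded earlier and registers each issuer SharePoint does not already trust, reporting expiry dates along the way. It assumes the same "{Path to SSL}.cer" placeholder, that the issuer certificates can be resolved on the server, and the "ACS chain" name prefix is made up for illustration.

```powershell
# Added example (not from the original post). Run in the SharePoint 2010
# Management Shell on a farm server; written to work on PowerShell 2.0.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Same placeholder path as used earlier in the post.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("{Path to SSL}.cer")

# Build the chain for the signing certificate. Revocation is not checked here
# because the goal is only to enumerate the issuers, not to validate the leaf.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$built = $chain.Build($cert)

# Build() returns $false for problems such as an untrusted root or an expired
# element; the elements that could be resolved are still listed, so report
# the status and carry on.
if (-not $built) {
    foreach ($status in $chain.ChainStatus) {
        Write-Warning ("Chain status: " + $status.Status + " - " + $status.StatusInformation.Trim())
    }
}

# Thumbprints of certificates SharePoint already trusts.
$trusted = @(Get-SPTrustedRootAuthority | ForEach-Object { $_.Certificate.Thumbprint })

$report = @()
foreach ($element in $chain.ChainElements) {
    $c = $element.Certificate

    if ($c.Thumbprint -eq $cert.Thumbprint) {
        # The leaf is registered by the New-SPTrustedRootAuthority call in the post.
        $action = "Leaf (registered separately)"
    }
    elseif ($trusted -contains $c.Thumbprint) {
        $action = "Already trusted"
    }
    else {
        # Hypothetical naming scheme: prefix + subject name + short thumbprint
        # so that each entry is unique and easy to find later.
        $simple = $c.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
        $name = "ACS chain " + $simple + " " + $c.Thumbprint.Substring(0, 8)
        New-SPTrustedRootAuthority -Name $name -Certificate $c | Out-Null
        $action = "Added as '" + $name + "'"
    }

    $report += New-Object PSObject -Property @{
        Subject    = $c.Subject
        Thumbprint = $c.Thumbprint
        NotAfter   = $c.NotAfter
        Action     = $action
    }
}

# NotAfter is worth watching: once the signing certificate or one of its
# issuers expires, sign-in through the trusted identity provider stops working.
$report | Select-Object Subject, Thumbprint, NotAfter, Action | Format-Table -AutoSize
```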

 

 

 

Now we have this done, we need to make sure the certificates we have used here are also added to the "Trusted Root Certification Authorities" as shown below:

 

 

 

Next we need to perform the internal SharePoint configuration for the web application. Open up "Central Administration", "Application Management", and "Web Applications" and select the Web application you want to use the provider with.

 

 

 

Select the "Authentication Providers" option.

 

 

 

For my test site I have already extended my default zone with an internet zone that I am going to select to use the identity provider. Once the configuration opens, for me I am deselecting the "Windows Authentication" and setting just the "Trusted Identity Provider".

 

 

 

Press the okay button and wait for this configuration to be saved. Once done we can access my anonymous site and select the "Sign In" link at the top.

 

 

 

We should be redirected to the Azure Access Control Service:

 

 

 

If you select the "Yahoo" option or "Windows Live ID" if you have one, it should redirect you to the provider login site:

 

 

 

Upon successful login it will send you back to the SharePoint site logged in. The actual process can be seen in Fiddler for Yahoo, that is:

 

Initial Click from SharePoint, redirect to Azure then onto Yahoo

 

 

 

After login, redirect from Yahoo back to SharePoint

 

 

 

So a few redirects, but the end result is me logged in with my account and having access to SharePoint; which was granted to my account earlier in the usual way.

 

 

 

All in all not so hard to get it working. There are a few more things that you would want to do to make it work in a production environment but for now this just works and is fantastic.

 

 

 

 

 

 

December 05
SharePoint Saturday Utah – Wrap-up

So SharePoint Saturday Utah was great, great speakers, attendees and organization. It was a perfect location and everyone I spoke to had a great time. For the 1st SharePoint Saturday in Utah, I felt it was a great event, looking forward to the next one. Big shout to Joel Oleson, Christian Buckley and Josef Nelson for the event!!

As with all SharePoint Saturdays, the key is everyone coming with the right attitude of learning and the speakers giving off some great energy and excitement, which was the case there. The evening entertainment was good too, Brazilian food for the speaker dinner then a tour around Temple Square in Salt Lake City Centre. Few pictures below:

It was very cold, but worth wandering around just seeing the sights and hanging out with everyone. Saturday's entertainment was great too; get together with some of the attendees and speakers at the inaugural SharePint. After which, off to a Caribbean restaurant for some great food and chatting with a smaller group of the SharePoint Community "die hards". Then it was the extra committed off to Urban Lounge in Salt Lake City to experience the underground clubbing vibe!! Live band and then some "real" hip hop from a couple of groups, very cool, not experienced the whole Hip Hop vibe before.

So if you missed it or have never experienced a SharePoint Saturday, get out there and join the community and enjoy the friendships and learning that goes with it.

My slides are available as PDFs here:

http://blog.helloitsliam.com/Presentations/SPS-UTAH-ART-OF-POSSIBLE-KEYNOTE.pdf

http://blog.helloitsliam.com/Presentations/SPS-UTAH-DO-YOU-CLAIM-TO-BE-FROM-THE-AZURE-SKY.pdf

Or you can get them from Slide share here:

http://www.slideshare.net/helloitsliam/spsutah-the-art-of-the-possible-keynote

http://www.slideshare.net/helloitsliam/spsutah-do-you-claim-to-be-from-the-azure-sky

So hopefully see you around at an event soon, will be at the following in January:

SharePoint Saturday Virginia Beach

SharePoint Saturday Austin Texas

See you around :)

 

December 05
SharePoint 2010 and Azure Access Control Services – Part 1

So SharePoint 2010 is great, and a fantastic platform which everybody is adopting, well most people. They have now come to realize the great power from using SharePoint for internet, intranet, extranet and even as a custom application platform. So to as SharePoint gains adoption, so does the Microsoft Azure Services in the cloud. One of the great additions in the cloud services is the advent of the Access Control Services which connect to SharePoint wonderfully and could be used for offering people access to your SharePoint by using multiple Identity Providers. Obviously there are many reasons for and against offloading your authentication out into the cloud but for now I am just going to focus on the configuration of it. So firstly you will need to actually get an azure account, so head over to http://www.windowsazure.com and create an account, use the trail for now but get one setup and login to access the Azure Management Portal. So let's begin. From the left panel at the bottom, select the "Service Bus, Access Control & Caching" option.

When this loads it will display the "AppFabric" option at the top for creating a new namespace for any one of the options.

Select the "Access Control" option from the navigation tree.

To start with we need to create a unique namespace (URL endpoint) that we can use to get access to these services. With the "Access Control" selected, choose the "New" option.

You now have the ability to select a namespace for your endpoint. For mine I of course use "helloitsliam". You will also need to set the country / region; the subscription should already be selected, but if you have multiple you can select the one you wish to use. Once you have created it, it does take a little bit of time to become active; it should then be listed as shown below with a status of Active.

So now that we have the core endpoints created, it is time to configure the service itself. Select the endpoint you created and you should now see the "Access Control Service" management link. Simply press this and it will redirect you to the management site for that service.

The configuration site lists out all the options needed to configure the access mechanism.

To start the configuration we will first set the "Identity Providers" that we wish to use with our SharePoint or claims-aware application. Select the "Identity Providers" link from the left navigation and you will see the "Windows Live ID" service is there by default, and notice you can't deselect it either :-)

To add new providers, select the "Add" option.

You are then able to set the provider to use and set any properties you need. In this example I am going to use Yahoo, but the process is similar for any of the providers except the "WS-Federation Identity Provider" option. So for now select the "Yahoo" option.

The first two options are just the name and image that will be presented to the users logging in; the "Relying Party Applications" will be the SharePoint environment or a claims-aware web application. In our case we do not have a relying party set, so this will be blank. Once saved, select the "Relying Party Applications" link and then select the "Add" option. As we are using SharePoint 2010, the following details need to be added.

The realm needs to be the URI that you wish to use to recognize the provider, and then the URL needs to be added so the provider will know where to redirect a successful authentication process. In our case it is:

http://sharepointsite.com/_trust/

A note here also: the default "Token Lifetime" is set to 600. This can cause too many redirects when the users are accessing the sites, so I increased mine to 3600.

Next we need to set the providers that this relying party will be allowed to use. Just because you may have Facebook, Google, Yahoo and Windows Live ID configured does not mean that your site will just accept all of those. You need to set this manually.

You will also notice that it created a "Rule Group" for the relying party you created. The rule group is simply the allowed claims mapped from the providers that you will accept coming to the SharePoint or Claims Aware web site. By default it only shows the base claim that is required by Windows Live ID. To add more you can either manually add them to create custom mapping or click the "Generate" button which will read the federation XML and populate the list accordingly.

We will simply click the "Generate" link which will ask us which provider we wish to retrieve the claims from and then list them out for us.

So now that we have our Identity Provider selected, Relying Party set and Claims mapped, we are good to go. We simply need to perform the SharePoint configuration, telling it that we have a new Trusted Identity Provider, which in our case is Windows Azure, not Yahoo, even though that is the provider we have really chosen. For this trust to work we need a certificate that can be used as the signing mechanism. I got a free 90-day SSL certificate from Comodo and used that; self-signed certificates do not work so well here. The key here is that whatever certificate you use, you need to have generated the PFX file from it so it can be added to the Access Control Service. Once that is done, select the "Certificates and Keys" link.

This will display the certificates you have added yourself and the base ones provided as part of the Azure service. To add your own signing certificate, select the "Add" link. You will then need to select the relying party that you wish to assign to the certificate. Then choose the type, and upload the file with the password you created when exporting the PFX file.

You also have the ability to set this as the "Primary" certificate for that relying party. Now that is done, it is time to configure SharePoint 2010 for using this Provider.
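A check worth running on the PFX before the upload step above, as an added example that is not from the original post: it opens the file, confirms it carries a private key, flags a self-signed or soon-to-expire certificate, and can write out the public certificate on its own. The function name `Test-SigningPfx`, its parameters, the 30-day threshold and the paths in the usage comment are assumptions for illustration.

```powershell
# Added example: sanity checks on a token-signing PFX before it is uploaded.
# Test-SigningPfx, its parameters and the 30-day threshold are assumptions.
function Test-SigningPfx {
    param(
        [Parameter(Mandatory = $true)][string]$PfxPath,
        [Parameter(Mandatory = $true)][System.Security.SecureString]$Password,
        [string]$CerOutPath,   # optional full path for the exported public .cer
        [int]$WarnDays = 30
    )

    $fullPath = (Resolve-Path -Path $PfxPath).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList $fullPath, $Password

    $now = Get-Date
    $findings = @()
    if (-not $cert.HasPrivateKey) {
        $findings += 'No private key in the PFX: it cannot be used for signing.'
    }
    if ($cert.Subject -eq $cert.Issuer) {
        $findings += 'Subject equals issuer: the certificate is self-signed.'
    }
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $findings += 'Certificate is outside its validity period.'
    }
    elseif (($cert.NotAfter - $now).TotalDays -lt $WarnDays) {
        $findings += "Expires in under $WarnDays days: schedule the replacement."
    }

    if ($CerOutPath) {
        # Export only the public certificate (DER); the private key stays in the PFX.
        $certType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
        [System.IO.File]::WriteAllBytes($CerOutPath, $cert.Export($certType))
    }

    New-Object PSObject -Property @{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Findings   = $findings
    }
}

# Usage (paths are placeholders):
# $pw = Read-Host -AsSecureString -Prompt 'PFX password'
# Test-SigningPfx -PfxPath 'C:\certs\signing.pfx' -Password $pw -CerOutPath 'C:\certs\signing.cer'
```

An empty `Findings` list means none of the checks fired; with a 90-day certificate the expiry warning will appear within two months of issue, which is the point at which to plan the replacement upload.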

In the next post we will do the SharePoint configuration.

 

December 01
Discount Discount Discount and Conferences

It is that time again where conferences are booked, travel arrangements are made and tweets and updates are sent. SharePoint Conference season never seems to go away which is great. If you happen to be in Salt Lake City, Utah this weekend then come along to SharePoint Saturday, details below:

http://www.sharepointsaturday.org/utah/default.aspx

If you can't make it then you could also be in Honolulu for their SharePoint Saturday tomorrow as well; I would have loved to have been there, maybe next time.

http://www.sharepointsaturday.org/honolulu/default.aspx

If you, like me, are looking at your schedule for the rest of the year and the start of next year, then get something on your calendar.

SPTechCon 2010 in San Francisco. If you haven't booked and are thinking of going, then use "CLEARY" as the discount code to get $200 off either the 3-day PLUS the preconference workshops passport or just a regular 3-day passport. Remember also that if you register by December 16th you will save another $450, which means if you do it in the next couple of weeks with my last name as the discount code you will save a massive $650!!!

Last time I checked there are not many places offering that kind of discount. So head over there now: http://www.sptechcon.com/SanFrancisco2012/

And if you can't get to any of the above, there are plenty of SharePoint Saturdays around over the next few months. If you are around, I will see you in Virginia Beach and Austin Texas in January. :-)

November 17
SharePoint 2010 - “DateTimeControl” and Regional Settings

During my lunch break when I play with code and SharePoint (go on admit it you do it too!!), I was working on some demo code and came across an issue while I was rendering a DateTimeControl in a page. It initially would render like this:

No default date or default time. Firstly I noticed I had not set a default date for the control, hence the blank values. So I added the following code:

Using the "SelectedDate = DateTime.Now" did display my control like this:

So success it displayed the current date and time as expected. So I decided to test some other functionality and changed my regional settings for the site collection I was on back to UK as shown below:

I then went back to my control on my page and it was still showing the date and time from my existing time zone:

If you look on the internet you will find a ton of blog posts that talk about iterating through time zones using the TimeZoneInfo.GetSystemTimeZones method. This was a bit excessive, and with SharePoint we should not have to do this. So looking into the "SPTimeZone" class I found that with minimal coding I could get the date control to respect the time zones.

Note the "rsSet" is my variable that contains the regional settings from the "SPWeb" I am running the code in. Now when I ran my page code it worked as expected for any time zone.

United Kingdom – GMT

United States – GMT -5

Singapore – GMT +8

And of course as expected, the date format for the location is respected. So a couple of lessons learnt:

  1. Write the code correctly in the beginning :-)
  2. Don't believe every code snippet on the Internet
  3. There are multiple ways to do things
  4. Stick within the SharePoint API where possible, it *should* be less code :-)

Hope this helps.

November 14
Infringement? Really?

After all these many years of surfing the internet, I received this message from Comcast:

Dear Comcast High-Speed Internet Subscriber:

Comcast has received a notification by a copyright owner, or its authorized agent, reporting an alleged infringement of one or more copyrighted works made on or over Comcast's High-Speed Internet service (the 'Service'). The copyright owner has identified the Internet Protocol ('IP') address associated with your Service account at the time as the source of the infringing works. The works identified by the copyright owner in its notification are listed below. Comcast reminds you that use of the Service (or any part of the Service) in any manner that constitutes an infringement of any copyrighted work is a violation of Comcast's Acceptable Use Policy and may result in the suspension or termination of your Service account.

If you have any questions regarding this notice, you may direct them to Comcast in writing by sending a letter or e-mail to:

Comcast Customer Security Assurance
Comcast Cable Communications, LLC
1800 Bishops Gate Blvd., 3rd Floor East Wing
Mount Laurel, NJ 08054 U.S.A.
Phone: (888) 565-4329
Fax: (856) 324-2940

For more information regarding Comcast's copyright infringement policy, procedures, and contact information, please read our Acceptable Use Policy by clicking on the Terms of Service link at http://www.comcast.net.

Sincerely,
Comcast Customer Security Assurance

 

{Filename, Date, Time, IP Address, Ports, Type of Network, Protocol used}

I was taken aback a bit, as I was wondering what the issue was. Looking at the details they sent me, I have not downloaded anything remotely like it at all. I even searched my storage at home for it and found nothing. I called up "Comcast Customer Security Assurance", who play a great message to you explaining in detail that it is down to me to resolve this issue. So I looked and looked and looked for the pesky file that I am supposed to have downloaded, but nothing.

So lesson learnt: "Big Brother" is alive and well in the USA, and in some way I am happy he is; I don't like these emails though, as they make you completely paranoid. So is this a good thing? What do you think, knowing that somewhere on the world wide web is software scanning all your traffic looking for those "naughty" things you look at and download? :-)
