IT governance in SharePoint

Summary: Learn about key factors in governing a SharePoint 2013 service and what to include in a service-level agreement.

How will you control the services that you offer? What will you provide with each service? What will you include in service-level agreements for each service? And how do you prevent proliferation of unmanaged servers? These questions should be answered as part of your IT governance plan.

We recommend that you develop a good governance plan when you create an IT service to support SharePoint. A good governance plan ensures that the service meets the business needs of your organization securely and cost-effectively. When you add to the service, a good governance plan helps you do so seamlessly. A good governance plan to run a successful IT service should include:

  • A Governance team defines the initial offerings of the service and its ongoing policies, and meets regularly to evaluate success.

  • The policies you develop are communicated to your organization and are enforced.

  • Users are encouraged to use the service and not create their own solutions. Installations are tracked and rogue installations are blocked.

What is a SharePoint service?

A SharePoint service is an IT service that offers hosted sites based on SharePoint. The benefits of a SharePoint service include backup and recovery, content storage, support for customizations, security, and service levels based on speed and availability, as shown in the following illustration.

Elements of a successful service

As you plan and implement your SharePoint service, consider the following elements that can contribute to the success of the governing effort:

  • Form and use a governing group. Your IT service for SharePoint should be governed by a group that includes executive stakeholders, business division leaders, influential information workers, IT managers, and IT technical specialists, among others. The goal of the governing group should be to oversee the service. In this capacity, the governing group defines the initial offerings of the service, defines the service's ongoing policies, and meets regularly to evaluate success.

  • Communicate the policies. The governance policies that you develop must be publicized to your organization. Maintain a website that describes the service.

  • Encourage use of the service. Discourage or block users from deploying their own servers. Instead, encourage them to use the service. Isolated servers may not be configured according to IT security policy and the organization's regulatory requirements. Furthermore, users who deploy their own servers may not properly back up their servers or keep servers up to date with software patches and updates. Finally, content on servers that are not governed by the service may not be detected by the organization's indexing service, which may create isolated pockets of content.

What to govern in a SharePoint service

Determine limits and policies for the areas shown in the following table.

Areas that should have limits or policies in a governance plan

| Area | Recommendation |
| --- | --- |
| Security, infrastructure, and web application policies | How are the system and infrastructure maintained, and who has access at what levels? What's the maximum upload size you want to allow? Are you controlling the use of fine-grained permissions? |
| Data protection (backup and recovery) | Vary the level of data protection that you offer based on service levels. Plan how often you back up the farms and how quickly you can guarantee the data is restored. |
| Site policies | Use site policies to help control site proliferation. A site policy defines the life cycle of a site by specifying when the site will be closed and when it will be deleted. When you close or delete a site, any subsites are also closed or deleted. If an Exchange mailbox is associated with a site, the mailbox is deleted from Exchange Server 2013 when the site is deleted. |
| Quotas | Quota templates define how much data can be stored in a site collection and the maximum size of uploaded files. Associate different quota templates with site collections at different service levels. |
| Asset classification | Classify sites and content by value and impact of the content to the organization (such as high, medium, or low business value/impact). That classification then controls other requirements, such as encryption for high business impact information. Impact = Exposure: If this leaks, will it hurt my business? Value = Availability: If this isn't available, can my business run? |

Service-level agreements

Your organization should create appropriate service-level agreements for each service you provide. A good service-level agreement should include:

  • The approval process, including the length of time and approvals necessary to create a site.

  • Costs for users or departments.

  • Operations-level agreement, which specifies which teams perform which operations and how frequently.

  • Policies around problem resolution through a support team.

  • Negotiated performance targets for first load of a site, subsequent loads, and performance at remote locations.

  • Recovery, load balancing, and failover strategies.

  • Customization policies.

  • Storage limits for content and sites.

  • How to handle inactive or stale sites.

  • Multilingual support.

Deployment governance

In addition to governing services that you offer, you also need to govern installations of SharePoint in your environment.

  • Track installations. An Active Directory Domain Services (AD DS) marker named Service Connection Point identifies the SharePoint servers in an organization. Set this marker for each domain in your organization if you want to track installations in all domains. See Track or block SharePoint Server 2010 installations.

  • Block installations. You can block installations of SharePoint Server 2016 to prevent users from installing it to unauthorized servers that you don't want to support. Use a Group Policy in Active Directory Domain Services (AD DS) to set a registry key on all servers to block installations. This registry key existed by default in SharePoint Server 2010, but is not included in SharePoint Server 2016. You can create it yourself in the registry if you want to block installations. See Track or block SharePoint Server 2010 installations.

  • Keep current with software updates. Keep your servers current. Test and install recommended software updates. See the Updates Resource Center for SharePoint Server 2016.

  • Site collection upgrades. Site collections can now be upgraded independently from the content databases. Determine who, when, and how to upgrade site collections when a new version or an update is available. See Plan for site collection upgrades in SharePoint 2013.