In a prior blog I outlined a best practice approach for migrating to Office 365. Whether your just getting started or have had some false starts this blog and the series that follow will help you kick off your project or get you back on track. These blogs are written for the technical PM or the technical staff looking for guidance on the subject.
To get started I will assume you have gone through your initial feasibility assessment and are a go. You are now at the stage of building your plan so you can execute your migration. If have not read my blog 12 steps to get to the cloud please read it now so we are on the same page regarding the work required to migrate successfully. For now i will assume steps 1 and 2 are complete, note that step 2 is critical as if you have issues with your farm such as errors and or capacity issues those will impact steps 3 onward – please correct those.
The discovery will provide critical reports that detail your SharePoint farms and business data. For the SharePoint farms, site owners, a detailed inventory of their configuration, customizations, data policy violations, third party tools to name a few. This inventory is very important because there could be elements of your configuration that cannot be migrated to the cloud (e.g. customizations, third party tools not available for the cloud). For the business data, a detailed inventory of the site ownership, data contained within the sites, meta data, classification and security information. This report is critical to understand SharePoints current state regarding data and security policy compliance. Your records manager and security manager will be able to provide significant guidance in this area. For discovery tools, most venders provide tools for conducting the discovery exercises.
SharePoint farm data includes:
- Provisioning, monitoring, correction and retirement systems, process and policy review. Documenting current strengths, gaps and risks with current solution and create plan to integrate Office 365. For example, data and security policy controls must be integrated into solution and be monitored, reported and enforced. user training and referenced material required so that end users are aware and informed.
- End user training and support solutions must be reviewed, gaps/risks identified and a plan created. This include a central repository for training materials such as quick reference, how to videos, FAQ and QA forums to name a few. Also, training and compliance sign offs enforced by HR.
- Server hardware and operating system information, location, capacity details, SharePoint version and patching details and third party tool/in-house developed add ons/customizations. It also includes a list of web applications, sites collections, sites and detail regarding each. For example, site collection type, features enabled, managed paths, site ownership, customizations consumed and inventory of sites, data, workflows, content types, templates and lists. Some useful scripts if you don’t have tools.
- Network and security systems must also be assessed to make sure there is sufficient capacity, data policy enforcement tools, process and people in place to ensure compliance – control plan enforcement. This will help come audits to demonstrate compliance. If your not familiar with the topics visit SharePoint Pro for some of my articles and webinar recordings.
- Security and data policy scans and reports must be completed of production environment to confirm sites are secure. If your organization doesn’t scan again open sites, run scans for NT\Authenticated user and Everyone as this is a security whole in most cases. Also run Credit Card and Personal Information scans as well to identify non compliant sites.
- Application inventory is a detail view of each application that will be used to access its viability in the cloud or as a hybrid. Working with the business and IT owners to review requirements documentation (Functionality, architecture, SLAs etc.) and assessing workload requirements. For example the application may be an ideal candidate for the cloud running on Azure or it may be so old that it requires updating to run on the latest OS. There might also be interdependencies and latency might cause code to break. Worst case the developers are gone and there is no source control or documentation.
- Business data inventory is a detailed review of data residing on the farm with emphasis on data and security management policy compliance. The data on the farm is assessed for compliance to prevent customer data and or company confidential data from being placed in the cloud – security and risk teams nightmare. The data assessment requires a detailed scan of all site collections and sites using a tool (Nextlabs, Symantec, Quest and ShareGate are good companies to work with on this.) that can scan the data and look for patterns such as credit cards, social insurance numbers and the like. The tools also enable you to create your own patterns that enable you to scan on information related to your custom business processes such as account codes.
Key outcomes from this step are as follows:
- You have an up to date list of site owners.
- The farm configuration is documented.
- Customizations and documentation uploaded to source control library.
- The site collections and sites are documented.
- Data residing on SharePoint that’s not within policy is listed in a document.
- Security settings on SharePoint that’s not within policy is listed in a document.
- Network impact assessment and recommendations.
- Capacity projection for number of users and data along with associated risks (e.g. will more servers and storage be required? How much? When?).
- The aforementioned documentation/reports are dynamic and can be updated by running tools.
Once you have the data its time for step 4, Develop an Information Architecture. That will be the next blog.
Have feedback? Would like to hear from you and your experience.