View
49
Download
1
Category
Preview:
Citation preview
ATHOUSANDDAYSADeepDiveintooneOffice365SharePointOnlineMigrationProject.
Activity Decision Blocker Update ActivityEnd
RobertTucker&DanielMcPherson
RobertSTucker
Job:InformationTechnologyArchitectInIT:34years
42
Migration– 1000DaysPlatform
Sizing
25 Microsoftteamsinvolved40 in-houseteammembers200 in-houseUATtesters497 databases7.5K SharePointworkflowsrepublished10.5K SiteCollections90K Sites166K users17.5M ACLs,identitytransformed170M objectsindexed180TB ofmigratedcontent
20TB
StartDateJune2014
BPOS-DSharePoint2013
TargetisDedicatedvNext
MigrationProject– Overview
SharePoint2013BPOS-D“BIG-BANG”MigrationtoOffice365SharePointOnline
SettingTheScene
StartedweredecommissioningOpenTextLiveLink
SharePointpositionedforDocumentManagement
Migrating160TBofLiveLinkcontenttoSharePoint
Wherewewereinthetimeline
JustMigratedSharePoint2010toSharePoint2013
Microsoftrecommendedmaximum2yeartimeperiodbeforewe
mustbeoffBPOS-D
Currentenvironmentisahighlycustomisedenvironment
LiveLinkMigrationsstarting
D-vNextOne-TimeMigrationWhatToLookOutFor
Pre-Requisites
• FullDirectoryandAADConnect• FTCRemoval
• URL’sProvided• NetworkTasks• SiteCollectionsUpgraded• Office2010->2013+• IE11orlater
LiveLinkMigrationLiveLinkMigrationplannedthroughtoend2015
Apr-14
Office365SharePointOnlineMigrationProjectStartsProjecttomovetoSharePointOnlineisstarted.InitialtargetisOctober2015
Jun-14
MoveAllFullTrustCodeAppstoProviderHostedWewillalignourplatformfullywithMicrosoftrecommendations
Jun14
CompleteSharePoint2013UpgradeComplete2013Upgradebycompletinglastofsiteconversionsto2013
Sep-14
ConvertallFullTrustCustomisationsandbuildanOn-premisesCAMPlatformtohostImplementlocalCAMhostingplatformduetolackofmatureAzureService
Oct-14
O365viaInternetDecisiontouseInternetonlyconnectivityforO365
Dec-14
NeedBetterPermissionsManagementDecisiontouseexternalCustomClaimservicetomanagepermissionsoncurrentplatform.
Dec-14
ImplementNewCustomClaimServiceCustomclaimstobeintroducedformulti-sitepermissionsmanagement
Feb-15
IE11&Office2010RequiredIE11andOfficeProPlus2010arequirementforO365
Feb-15
StartIE11UpgradeUpgradetoIE11on90kmachines,UpgradetoWin7asminimum
Mar-15
DataCentreClosureDateAmsterdamBPOS-DDatacentrewillcloseAugust2016
Mar-15
CoreAppsDelayedRemovaloffulltrustcodedelayed
Apr-15
AuthenticationNotWorkingO365authenticationnotfunctioningforO365-issuesforexternalusers
Apr-15
MigrationDelayedMigrationDelayedtoJuly2016
Apr-15
Office2013RequiredOffice2013nowdefaultrequiredforO365
Apr-15
CoreCAMAppsDeliveredCorePlatformAppsdeliveredasproviderhostedApps
[Plan:8months,took14]
Sep-15
CustomClaimsImplementedCustomClaimsLive
May-15
On-premisesAppPlatformReadyProviderhostedappplatformdelivered
May-15
AdoptHybridSearchDecisiontomoveSearchtoBPOS-DearlyashybridusingSearchappliances
Jul-15
MigrationApproachAgreedMaxstorageonfarmis200TB,phasedmigrationcannotretainURL,BigBangtheonlyoption
Sep-15
StopAllNewLargeQuotaSitesNeedtoreducelargequotasitesandshrinkcontentdatabases(splitandshrink)- multipleweekendoutages
Nov-15
AzureHostingplatformdeliveredAzureproviderhostingplatformforSPAdd-Ins[Plan:5months,took12]
Nov-15
ChooseOfficeProPlus2016GowithOffice2016ProPlus- JustannouncedbyMS
Nov-15
DesignCustomisationFrameworkDevelopcustomisationframeworktosimplifyandcentralisesite
Nov-15
LargeScaleCustomisationImpactsNeedtoreducehugenumberofindividualcontentcustomisations(JavaScriptetc)
Nov-15
AuthenticationImprovementsdelayedforExternalPartnerusersAuthenticationsolutionbehindondeliverytosupportO365end-2-end
Nov-15
MicrosoftMigrationToolingLimitationsMicrosoftmigrationtoolingcannothandlelargecontentdatabases(>2TB)
Nov-15
SearchProjectDelayedDependencyonAzurehostingserviceforhybridsearchappliances
Dec-15
ImplementCustomisationFrameworkIntroducetheCustomisationFrameworktomanagerampantcustomisations
Dec-15
AdditionalContentDBshrinksMoredatabaseShrinksandsplitsneededascontentdatabasesweretoolargeformigrations- migrationtoolcouldn’thandlethem
Nov-15
Permissions&Identities§ WhenmigratingfromSharePoint
OnlineDedicated(SPO-D)toDedicatedvNext,useridentitiesneedtochangefromWindowsidentitiestoAzureActiveDirectory(AAD)identities.
§ Becauseofthisidentitychange,theWindowsidentitiesexistinginyourSPO-DcontentmustbemappedtoAADidentitiesduringdatamigrationevents.
Identities
§ MakeuseofthereportsprovidedbyMicrosofttoidentifythevarianceinyouron-premisesusers,andyoursynchronisedAzureActivedirectoryusersandgroups
§ Allusers(andoptionallygroups)mustbesynchronizedtoAADbeforemigrationifyouwanttopersistuseoftheseforpermissionsonyourmigratedcontent
§ Licensesshouldbeappliedtoallusers.NB:IngenerallicencecheckingforSharePointOnline(doesnotapplytoExchangeorOneDrive)maynotinitiallybeenabledbutmusteventuallybeenabledtoensurecompliance
§ UsersthatyouidentifiedwhoareintheVarianceReportareusersthatwillnolongerbeaccessingSharePointcontent.Thesewillnotbemappedresultingintheseaccountsbeingunabletoaccessthenewenvironment
§ AccountslistedwithintheVarianceReportmustbevalidatedagainsttheSecurityIdentifiers(SIDs)only.EnsureyouexcludehistoricalSID’sofdeletedaccounts.
TheprincipalgoalofIdentityMigrationistosynchalldesiredusersandgroupsinyourAADandproduceaValidated Identity MappingFileandSkipListusedintheMigration
• Questionnaire• AADSetupandSynchTimeline
• ScheduleReview
Kickoff
• InitialAADSynch• InitialScantounderstandIdentityVariancew/Users&Groups
9monthstoMigration • Identity
VariationReport#1
10weekstoMigration
• IdentityVariationReport#2
8weekstoMigration • Identity
VariationReport#3
4weekstoMigration
• IdentityVariationReport:FINAL
1weektoMigration
• ValidatedIdentityMappingFileandSkipList
MigrationWeekend
TheIdentityVariationReport(IVR)isanewinformationtool thatsurfacesuniqueIDs(akaIdentityObjects,SIDs)thatMicrosoftisuncertainaboutwhethertomigrateorskip.
ThegoaloftheIVRistofacilitateanalysis,reviewandfinalcustomerdispositionaboutwhethertomigratetheSID(SIDisinmappingfile)orskiptheSID(SIDisnotinthemappingfile)
AAD
IdentityMigrationProcess Overview
TypicalPermissionsMappingsforSP2013toOffice365SPO
back
UserNow MappedTo ExpectedaftermappingonSPO
Everyone[c:0(.s|true] Everyone[c:0(.s|true] Everyone[c:0(.s|true]
NTAuthority\AuthenticatedUsers
[c:0!.s|windows]
NTAuthority\AuthenticatedUsers[c:0-
.f|rolemanager|spo-grid-all-
users/db1e96a8-a3da-442a-930b-
235cac24cd5c]
Everyoneexceptexternalusers[c:0-
.f|rolemanager|spo-grid-all-users/db1e96a8-a3da-
442a-930b-235cac24cd5c]
ACME[c:0ǿ.t|partners|pdo] ACME[c:0ǿ.t|partners|pdo] DG-ACME-ZZ-SPO-EXTRN-ACME-CORPORATION
[c:0-.f|rolemanager|s-1-5-21-3335339047-
1235679043-2628806996-288605]– anewly
createdAzureActiveDirectoryGroup.
AllAuthenticatedUsers
[c:0(.s|true]
AllAuthenticatedUsers[c:0(.s|true] Everyone[c:0(.s|true]
AllUsers– External(CustomClaim)
[c:0!.s|trusted%3apartners]
AllUsers– External
[c:0!.s|trusted%3apartners]
<Willberemoved– CustomClaimsarenot
supported>
ToPayAttentionToPostMigration§ Accountentrieswillpersisteveniftheyareno
longerinAAD.E.g.youmayneedtomanuallyremoveoldaccountentriesinSharePointGroupsandSiteCollectionAdministratorswheneditinggroupsorpermissionsdirectly.Thereisnosimplewayofremovingstaleaccounts.Thesewillalsopersistinuserfields(e.g.modifiedby/createdbybutwillbestoredastext)
§ OldADgroupswhicharenotsyncedtoAADwillpersistbutwillnotactuallyprovideanyprotectionorpermissionscontrol.Againthesewillrequiremanualcleanup.
ConnectedApplications§ Whatisa“Connected
Application”?§ Whydidtheyneedremediation?
(192)§ AzureADAuth versusACS§ Leastprivilege.
back
RECA
P
KeepingOurEyesOnStorage2015ViewPoint– TakeAway
MonthlyGrowthDelta
1.05TBRunoutEstimate
July2016GoLiveData
Oct2015
WeneededtoensurethattheglidepathforstoragewasinlinewithourpredictedmigrationdatetoOffice365.
1. BPOS-Dtenantextractswerenotcompleteenoughanddidnotrepresentthetruestatisticsonavailableorusedstorage
2. Recoveredstoragefromsitedeletionsandsplits-shrinkswasnotconsistentnordiditrepresentthestoragewhichwasbeing‘deleted’
PredictedStorageThrough2016
115
135
155
175
195
215
235
255
Sep-15
Oct-15
Nov-15
Dec-15
Jan-16
Feb-16
Mar-16
Apr-16
May-16
Jun-16
Jul-16
Aug-16
Sep-16
Oct-16
Nov-16
Dec-16
Jan-17
Feb-17
TBUsedandReservedStorage
Month
PredictedStorageThrough2015- Week28- 2015
STORAGE Week28
Jul-16
MonthlyGrowthDelta
1.15TBRunoutEstimate
July
2016
GoLiveData
Oct
2015
Oct-15
ThingstoPayAttentionto
§ Ensureyouminimisereservedstorage
§ Ensureyouhavevisibilityoncontentdatabasesize– helpstoknowifadvancedremediationwillberequired– workwithMicrosoftonthis
§ Expeditehousekeepingandremovestalesites(orarchivethem)
§ IfyouplanlargescaledatamigrationtoSPOaftermigration– informMicrosoftwellinadvanceofthemigrationvolumestoensuretheybuildoutyourtargetplatformcorrectlybasedonyourpredictedorplannedvolumes
back
§ Theadviceistochooseautomatedstoragemanagementonthetenantratherthanmanualmanagement–simplifiesyouradministration.
§ UnderstandhowstoragereportingisshownonSharePointOnlinesitecollections– itsslightlydifferentthanon-premisesstoragemetrics
PredictedStorageThrough2017
115
135
155
175
195
215
235
255
Sep-15
Oct-15
Nov-15
Dec-15
Jan-16
Feb-16
Mar-16
Apr-16
May-16
Jun-16
Jul-16
Aug-16
Sep-16
Oct-16
Nov-16
Dec-16
Jan-17
Feb-17
TBUsedandReservedStorage
Month
PredictedStorageThrough2015- Week47- 2015
STORAGE Week47
Apr-17Sep-17
MonthlyGrowthDelta
1.16TBRunoutEstimate
April
2017
GoLiveData
Sep
2016
KeepingOurEyesOnIssues2015ViewPoint– TakeAway
MonthlyGrowthDelta
1.05TBRunoutEstimate
July2016GoLiveData
Oct2015
Wehadseveralhighrisk,highimpactissuesandalotofmediumrisk,mediumimpact.Difficulttoclose:
1. Issueswerebeingaddedfasterthanwewereclearingthem
2. Revelationsaboutstorage,theplatform,connectivity,search,permissions,newcapabilities,removalofoldcapabilities,andtheimpactonlandscapecomplexitywithSharePointAdd-Inswereallcontributing.
Sep42015
IssuesProfileList- 2015 HIGHRISK
6MEDIUMRISK
8LOWRISK
3
Sep112015
HIGHRISK
6MEDIUMRISK
8LOWRISK
3
IssuesProfileList- 2015
Sep182015
HIGHRISK
7MEDIUMRISK
6LOWRISK
4
IssuesProfileList- 2015
Sep252015
HIGHRISK
3MEDIUMRISK
9LOWRISK
5
IssuesProfileList- 2015
Oct22015
HIGHRISK
3MEDIUMRISK
11LOWRISK
6
IssuesProfileList- 2015
Oct122015
HIGHRISK
4MEDIUMRISK
10LOWRISK
6
IssuesProfileList- 2015
Oct162015
HIGHRISK
5MEDIUMRISK
9LOWRISK
6
IssuesProfileList- 2015
Oct232015
HIGHRISK
4MEDIUMRISK
11LOWRISK
5
IssuesProfileList- 2015
Oct302015
HIGHRISK
3MEDIUMRISK
12LOWRISK
5
IssuesProfileList- 2015
Nov62015
HIGHRISK
4MEDIUMRISK
12LOWRISK
5
IssuesProfileList- 2015
Nov202015
HIGHRISK
4MEDIUMRISK
12LOWRISK
5
IssuesProfileList- 2015
MigrationDelayedDelayvNextmigrationtoQ22016
Feb-16
UpgradeInternetBreakoutsUpgradeInternetBreakoutsGlobally
Feb-16
DataCentreMoveDelayedTheDatacentre movewasdelayedoncemorewhichgaveusmoretime.
Apr-16
ReportsHighlightRisksTheMicrosoftreportshighlightedseveralkeyriskareasforourmigration.
Apr-16
Assessremovalofthe“happyhour”Impactof5000ListViewThresholdlimitnotclear- Projecttoevaluate
Feb-16
SharePointDesignerUnsupportedMicrosoftconfirmsnosupportforSPD(forADaccounts)
Mar-16
BuildDTAPEnvironmentDesign/BuildDTAPenvironmentsacrossmultipletenants
Mar-16
DynamicGroupsNotSupportedDynamicsgroupsNOTapprovedforusewithSharePoint- importantforpermissions
Mar-16
RemoveCustomClaimsCustomClaimsremovedfromplatform
Mar-16
OfficeProPlusRolloutBeginrolloutofOfficePP2016for110kmachines
Mar-16
DTAPDEVELOPMENT,TEST,ACCEPTANCEANDPRODUCTION.
§ O365hasnotbeendesignedwithDTAPinmind.
§ WhyareyouimplementingDTAP?
§ Whatimplementationprotectsyoufromwhatrisks?
§ WhydidShellimplementDTAP?§ Slowsthingsdown,toolingmayberequired.
ReviewHappyHourRemovalImpactImpactofHappyHourremoval- 5200largelistsrequireremediation(indexedcolumnsadded)-largest4.6m,165@1m+
May-16
CommissionDTAPtenantIntroduceDTAPapproachwithM/Ttenant
May-16
UpgradeInternetBreakoutsProjectapprovedtoupgradeInternetbreakoutsacrossmainhubs(US/Europe)and12localoffices]
May-16
UATDatesSetDefineUATmigrationtestingplanning
Mar-16
URL’sFinalisedConfirmall4tenantURL’s
Apr-16
Largelistsandthe“HappyHour”§ Firstabitofbackground.§ Don’tbelieveeverythingyouread.§ Mythsandmisinformation.§ TypesofThreshold(ListversusLookup).
§ Keytoitis:§ ColumnIndexing§ MetadataNavigation§ Office
WhatYouWillEncounter
• 8785lists>5000items
• 57,000viewswhichwereimpactedandneededremediating
• Fixconsistedof:Addingindexedfieldstocolumnsbasedontheviewdefinitions• Collectallviewdefinitions• Definethenewindexedfields• Indexthefieldsandupdatetheviews• 5000viewswhichcouldnotbefixed• Approx.26,000wouldworkbutcouldbefixedquickly• Approx.25,000requiredfixingorwerenotimpacted
• Across10,000sitecollections,90ksites.
ScaleoftheProblem
TheScaleoftheProblemWefaced
LargeListTooling- Demo
https://github.com/RapidCircle/SharePoint-Large-List-Guidance/wiki back
HybridSearchLiveHybridSearchenabledonOffice365
Jul-16
IE11RolloutCompletedIE11rollout
Jun-16
MovetoSoftwareProxiesMovetosoftwareproxiesforInternetBOupgrade
Jun-16
HTMLUnsupportedMicrosoftremovessupportforHTM/HTMLfiles- exposure=2.6mfiles
May-16
MigrationDelayPlanforlateSep16-willexecute2Dryruns- Aug,Sep
Jun-16
InternetBreakoutsDelayedDelayingettingnetworkinternetbreakoutsupgraded
Jul-16
NewMigrationToolingNewmigrationtoolingnowsupport3.8TBdatabasessosplitsandshrinksnolongerrequired
Aug-16
DryRunNotSuccessful1stdryrunawasnotreallyproductiveduetoconnectivityissues(newfirewallrulesandhostfileswerenowrequired)
Aug-16
DryRun/UAT1ExpeditethefirstDryRun/UAT1formigration
Aug-16
DynamicGroupsSupportedDynamicsgroupsapprovedforusewithSharePoint
Aug-16
UAT2:MinimalSuccessUAT2[noconnection,nowebapps,nosearch,-permissionsmappingincorrect- toolingapparentlynotupdated]
Sep-16
SPAdd-inDTAPhostingenvironmentsMultipleAzurehostingenvironmentscompleteforSPAdd-InDTAPenvironments
Sep-16
ConnectedAppFirewallsAdditionalfirewallrulesrequiredandintroducedfromdatacentrestosupportall87connectedapptesting
Sep-16
HappyHourRemediationAlllistsimpactedviaHHremovalareremediated
Sep-16
UATFirewallsUpdate20orsofirewallswithnewrulestoallowaccesstoUATtenant
Sep-16
ClientHostFileUpdateBuildanddeployhostfileswitcherbatchfilesolutionandrolloutto200testers
Sep-16
WorkFlowIssuesFoundDiscoverworkflowmigrationimpact(theywouldstop)foranyworkflowwithemailsusingoldaccountstructure(10k)
Oct-16
SoftwareProxiesCommissionedCompleteimplementationofsoftwareproxies(GlobalPACfilechanges)
Nov-16
HTMLConfigSwitchMicrosoftrestoresswitchtoenablesupportforHTM/HTMLfiles
Oct-16
UAT3:BetterSuccessUAT3:Webappsnotworking(expected),emailsworking,workflowsworking
Nov-16
Workflows
§ UnderstandandworkwiththeMicrosoftreportstoidentifyallworkflowswhichmaybeimpacted.
§ Toavoidunnecessaryworkflowrestartsitisbesttocompletein-flightworkflowsbeforethemigrationeventwhenyourcontentismovedtothevNextenvironment.
§ FollowtheadviceprovidedintheMicrosoftreportsaspartofyourmigrationpreparation– especiallyonwhichworkflowswillbeimpactedandhowyoucanremediatethem
PrepareforMigration– 2010WorkflowsExtractFromMicrosoftDocumentation§ Allworkflowswithemailactivitywillneedmanualremediation.
§ Whereidentitiesarepresent,followMicrosoftguidanceforscenarioswhere(thislistisnotexhaustive):
§ TheactivitieswiththeidentitieswereprocessedonSPO-Dpriortomigration
§ Iftheworkflowinstancehasaninvalidemail
§ TheworkflowshowsasInProgress,butdoesn’tprogress
§ IftheworkflowsshowErrorOccurred
§ WhereConditionalrulesexist
§ WheretheworkflowisCheckedOut
§ Theaccountwhichpublishedtheworkflowisnolongerpresent
§ Emailswhichusemailenabledsecuritygroups
§ ActivitiesthatEmbedIdentity– 2010(notexhaustive)
§ SendanEmail
§ LookUpManagerofaUser
§ AssignaFormtoaGroup
§ Assignato-doItem
§ CollectDataFromaUser
§ CreatedbyaSpecificPerson
§ ModifiedbyaSpecificPerson
§ PersonisavalidSharePointUser
PrepareforMigration– 2013workflows– ExtractFromMicrosoftDocumentation§ Allworkflowswithemailactivitywillneedremediation.Youmustmanuallycorrectthiswithintheworkflow.
§ Noworkflowstateinformationisretainede.g.theywillallstopaftermigration
§ Workflowhistory- workflowhistoryandtaskhistoryarenotretained.
§ Identitytransformationforemailaccountsisrequired
§ Forreadonlymodeduringmigration,Workflowstatusisnolongeraccessible.
ActivitiesThatEmbedIdentity- 2013§ SendanEmail§ LookUpManagerofaUser§ AssignaFormtoaGroup§ Assignato-doItem§ CollectDatafromaUser§ CreatedbyaSpecificPerson§ ModifiedbyaSpecificPerson
§ PersonisavalidSharePointUser
§ StartApprovalProcess§ StartCustomTaskProcess§ StartFeedbackProcess
SummaryComparisonofWorkflowImpacts
back
2010Workflows§ Historywillberetained§ Workflowlogic
§ WithUserIdentityinformationWONTWORK§ WithoutUserIdentityinformation– WILLWORK
§ Workflowswithanuserimpersonationsteppersistsidentityoftheuseraccountthatpublishedtheworkflow
2013Workflows§ History,althoughmigrated,nolongerassociatedwithWorkflow§ Workflowlogic
§ UserIdentityinformationwillbebroken§ Willlosestateinformation§ Mustberestartedpostmigration
§ UATTestingisavailableforboth2010and2013Workflows
§ FinalMigration–Testingof2013WorkflowsoccursafterDNScutover
§ ChangedrivenbyanarchitectureChangefor2013Workflows
§ ReportsareavailablefromMicrosoftaboutstatusesofworkflows– usethese!
PlanforUAT4Mostworking- newproblemsdiscoveredfromUAT1/2&3.ForMarGo- WeplananotherdryruninFeb17
Dec-16
WorkflowProblemExtendsDiscoverworkflowmigrationimpact(theywouldstop)foranyworkflowwith2otherconditions(15k)
Nov-16
AllconnectedappfirewallsconfiguredforUATCompleteimplementationoffirewallchangesforallconnectedappsandtestersingloballocations
Nov-16
DelayMigrationMigrationpostponed:Businesseshadcriticalprocessinprocessandcouldnotdeferthem- thereforemigrationinDecwaspostponedtoMar17
Dec-16
UATSearchstillnot100%Keyconnectedappsstillcannottest.
Dec-16
Search
§ Biggestsingleimpactformigrationisthere-indexingtime– workwithMicrosofttounderstandwhatthatwilllooklike
§ Knowyoursearchconfiguration§ UnderstandwhatwillbeavailablewithinyourUATenvironmenttoprepareyourbusinesstesting
ThingsToPayAttentionTo
§ ImplementinghybridsearchearlymaypreventusageofyourtargetDedicatedOffice365tenantforUATTesting
§ Understandanddocumentyoursearchconfiguration.ConfigurationshouldbecheckedduringeachUATforallmanagedpropertymappings
§ Custompropertiesshouldberevalidated(thereisalimitonSharePointOnlineofthenumberofcustommanagedpropertiesallowed)
back
§ Prepareforre-indexingtime–fullresultsmaybeunavailableforacertainperioddependingonyourmigrationapproachandsourcetenantsize
§ Migrationofcustomsearchlandingpageswillrequirecarefulhandling
IdentifyImpactedWorkflowsIdentifyworkflowsimpactedbyworkflowissues(reportdesign)
Feb-17
LargeScaleWorkflowImpactsDiscoverworkflowmigrationimpact(theywouldstop)foranyworkflowwithanyof7conditions(37000)
Feb-17
OfficeProPlusRolloutCompleteOfficePP2016rollout
Feb-17
DTAPServiceDeliveredDTAPProcessfinalisedandinservice
Feb-17
CompleteNewSearchDesignCompletenewsearchdesignforUAT4
Feb-17
RunningWorkflowsRemediated37000workflowrunninginstancesin273sitecollectionswouldstop(3902010,3912013)
Feb-17
MigrationPlan(FINAL)agreed.End-2-Endplanformigrationweekagreed.
Mar-17
IdentifyBusinessCriticalWorkflows3500workflowswillneedtoberemediatedorconvertedtoWorkFlows 2013.
Feb-17
UAT4Complete90%Connectivityproven.MuchmoresuccessfulUAT4completed:Stillnofullsearchtest
Feb-17
WebAppPoliciesFixedMigrationofwebapppoliciesnolongerrequired.
Mar-17
UATenvironmentsandtesting
§ UserAcceptanceTesting(UAT)isvitallyimportanttoasuccessfulmigration,asitistheopportunityforyoutoseeyourcontentandadd-inswithinthenewvNextenvironment.Youcanreviewhowtheenvironmentlooksandfunctionspostmigration,andhowyourenduserscaninteractwithit.
KnowYour§ CriticalBusinessProcesses§ EnvironmentandhowitsUnique§ PermissionModel§ CriticalTools§ Critical Features
TestPlansKeytoSuccess
Do§ ProvideCritical
ScenarioCoverage§ WorkwithRelease
Managers§ AskOthersabouttheir
Experiences§ Supplybusinesscritical
items
DoNot§ Assumeitwillwork§ Assumeithasalready
beentested§ Testusingadmin
accountsonly
Thingstopayattentionto§ Itisimportanttoidentifyateamofbusiness
andtechnicalusersthatcansupportUATastesters
§ Allocateenoughtimedependingonthesizeandcomplexityofyourenvironment
§ Improperuseracceptancetestingcanresultinmisseddeadlines,wastedresources,andaddedcost.
§ Ensureyoure-checkanyissueshighlightedinpreviousiterationsofUAT’s
§ EnsureconnectivitytoyourtargetUATenvironment.
§ Ensureallconnectedappscanauthenticatetothetenant(seeconnectedapps)
§ Ensureyourtestersareawareoftheirresponsibilitiesandpredictedoutcomes.
§ Haveavalidtestplanforstandardcapabilities,customisedsites,applications,connectedapps
§ UsealloftheUATavailabilitytime
§ CaptureandaddresseachfindingwithMicrosoftoryourbusinessteams
TestPlanYourTestPlanshouldincludethefollowingcategoriesforUAT:
§ Schedule§ Coverage§ Personnel(calloutany3rdpartiesyoumayneedto
relyontosupportorconductyourtesting)§ Focusareas(categorizingtheuse-casesasoneof
eitherbusinesscriticalornon-businesscritical)§ Administratortestcases§ Functionalbusinesstestcases§ Devicetestmatrix
back
§ Remediation
§ Statusreporting
§ Signoffcriteriaandprocess
§ Communications
§ AccessingtheUATenvironment
§ Problemsteprecorder§ Acceptancecriteria
§ Signoff
MigrationgoessmoothlyNewsearchtechcompletedfullindexof160mitemsinjustunder3days- over10daysfasterthanoldtech
Mar-17
SearchBlipIncorrectSearchinfrastructurefixed.
Mar-17
KeyTakeawaysfromthisproject
• Understandyourcurrentenvironment• WorkwithMicrosofttoremoveallblockersandmeettheOffice365requirements– getaccesstothemigrationpreparationreportsandthemigrationadvicefromMicrosoftasearlyinyourtimelineasyoucan
• Executesomeserioustestinganddocumentandre-testthroughyourUAT’s• Establishyourexposuretotheworkflowimpactsandremediateearly– developparameterisedworkflowswhereidentitiesareremoved
• Engagewithbusinessearlyontheimpactofthemigrationevent• EstablishearlyonyourapproachtoOffice365connectivity• Ideally,keepyourexistingenvironmentasfreeofcustomisationsaspossible• Getgoodadviceonlargelistsremediation,andunderstandyourpermissionslandscapeinrespectofuseraccountsandActivedirectorygroups
• Planforre-indexingtimeforsearchandpreparebusinessfortheimpact
AdditionalInformation§ Moreinformationtoprepareyoufor
Migration
WebAppPolicy• WorktowardsremovingpoliciesinSPO-D• Policiesarecollapsedifmigrated• Worldisdifferentinthedestination- SinglewebappwithHostHeaderSiteCollections
WHY?• NoabilitytoeditpoliciesinvNext – Onlyremovepolicies• Unintendedaccessissues
Recommend• Startthisprocessearly!
AppCatalog• Webappsarecollapsedonmigration– doesnotaffectinstances
• CustomersneedtochoosewhatURLwillholdthesite
• Anyappnotregisteredinthecatalogofrecordsneedsre-installedinDvNext
• OnlythoseregisteredinvNextwillbeavailableforconsumptioninvNext
Why?• Youcanonlyhave1AppCataloginDvNext
Guidance:• ChoosetheURLthatcontainsthemostAppsinyourenvironment
WorkFlow
• Testinginplaceisavailableforboth2010and2013Workflows• FinalMigration– Testingof2013WorkflowsoccursafterDNScutover• ArchitectureChangefor2013Workflows• ReportsareavailableintheSSPaboutstatusesofworkflows
ComparisonofWorkflows
• History,althoughmigrated,nolongerassociatedwithWorkflow
• Workflowlogic• UserIdentityinformationwillbebroken
• Willlosestateinformation• Mustberestartedpostmigration
• Historywillberetained• Workflowlogic• WithUserIdentityinformation– WILLNOTWORK• WithoutUserIdentityinformation– WILLWORK
• Workflowswithanuserimpersonationsteppersistsidentityoftheuseraccountthatpublishedtheworkflow
FullTrustCode• Isitgoneyetonyour2013Dfarm?• Sandboxsolutions– NolongersupportedinDorDvNext asofDecember2017
• ISVFree•CAMAppsready
TestPlans=WinPlansKnowYour• CriticalBusinessProcesses• Environmentandhowits
Unique• PermissionModel• CriticalTools• Critical Features
Do• ProvideCriticalScenario
Coverage• WorkwithReleaseManagers• AskOthersabouttheir
Experiences• SupplybusinesscriticalitemsDoNot• Assumeitwillwork• Assumeithasalreadybeen
tested• Testusingadminaccountsonly
S.M.A.T.
• TheSharePointMigrationAssessmentTool• Downloadit>here<• NB:AnadditionaltoolwillbereleasedlaterthisyearwhichwillalsohelpidentifyissueswithmappingofidentitiesonyourSharePointfarmforSharePointOnline.
TheSharePointMigrationassessmenttool(SMAT)isasimplecommandlineexecutablethatwillscanthecontentsofyourSharePointfarmtohelpidentifytheimpactofmigratingyourservertoSharePointOnlinewithOffice365.Becausethetoolisdesignedtorunwithoutimpactingyourenvironment,youmayobservethetoolrequiresonetotwodaystocompleteascanofyourenvironment.Duringthistime,thetoolwillreportprogressintheconsolewindow.Afterthescaniscomplete,youcanfindoutputfilesintheLogsdirectory.Thisiswhereyouwillfindthesummaryandmoredetailedinsightsintothescenariosthatcouldbeimpactedbymigration.ToimprovethequalityofMicrosoftproductsandservices,thetoolwillreportanonymousstatisticalinformationbacktoMicrosoft.Optionally,youcanidentifyyourorganizationwhenpromptedattheendofthescan.Ifthetoolisnotabletoconnecttotheinternettoreportthisinformation,thetoolwillstillfunctionasotherwiseexpected
FarmScanReportsAvailableScans Description Awareness!!
Add-Ins
LocatesallSharePointadd-insthatarecurrentlyinstalledintheenvironment.Thisincludestheprovider-hostedadd-insandassociatedsiteinventory.Thisinformationwillhelpyouidentifyadd-insthatmayrequirespecialattention.
Shouldbeinvestigatedearlyintheprojecttoassureadequatetimetoremediate.
BCS
IdentifiesallBCSapplicationsconfiguredinthe2013Dedicatedfarm,whicharenotmigratedtothevNextplatform.Youcanthendeterminewhethertheapplicationsarerequiredpostmigration,andifso,youcaneitherconfigureahybridBCSorexposethedatasourceyouneedtoaccesstotheinternet,sothatyoucanconnecttoitfromthevNextenvironment.
BrowserFileHandling
LocatesallHTMandHTMLfilesthatwillbeimpactedbythechangefromPermissivetoStrictBrowserfilehandling.Datawillbemigrated,butyou’llwanttonotifythesiteownersthatthebehaviorofthefileswillchangefromopeningwithinthebrowsertopromptingtheusertodownload.Optionsforrenamingthefileextensionareprovidedinthescandocument.
Shouldbeinvestigatedearlyintheprojecttoassureadequatetimeiftherearemanyfilesthatrequirerework.
CustomisedProfilePage
Providesalistofallcustomizedfilesandthenameofwholastmodifiedeachfile.YouwillwanttounderstandanycustomizationsmadetothePerson.aspxpage,andwhetherthereisanyimpactwiththemovetothenewDelveprofileexperience.Ownerscanbenotifiedoftheneedforuseracceptancetesting.
Shouldbeinvestigatedearlyintheprojecttoassureadequatetimeforrework.
CustomProfilePropertyMappings
LocatesprofilepropertymappingsthatdonotexistinSPO.TheDedicatedvNextservicedoesnotsupportextendingtheAADschemaandconfiguringadditionalprofilepropertymappings.Ifyourbusinessneedstopopulatedatathatisnotprovidedbytheoutoftheboxprofilepropertymappings,itisrequiredtowriteaprogramthatwillpushthevaluesyouwantintotheprofilepropertiesintheservice.
InfoPathIdentifiesalltheInfoPathformsthatwillrequireremediationtoworkonvNext.ThescanresultoutputwillbeusedtohelpdeterminetheapproachforremediatingagivenXSNform.
ShouldbeinvestigatedearlyintheprojecttoassureadequatetimeiftherearemanyInfoPathformsthatneedtobereworked.
IRMEnabledLists
ScansforIRMenabledlists/libraries.IfyouneedtocontinueusingIRMwithyourcontentonthevNextplatform,yourReleaseManagerwillbeabletoprovidedocumentation.
FarmScanReportsAvailableScans Description Awareness!!
LargeExcelFiles
LocatesalltheXLSXfilesthatareover10MB.Ifyouattempttoopenafilelargerthan10MB,itwillpromptyoutoopenthefileintheExcelclientapplicationandusersshouldbenotifiedoftheexpectedbehavior.
Shouldbeinvestigatedearlyintheprojecttoassureadequatetimetotestthrottlingin2013Dpriortomigration.
LargeListViews
Identifieslistviewsthatarethrottled.Listviewscalledoutinthescanreportmaynotbeviewablepostmigrationwithoutperformingremediation.
LockedSites
ProvidesalistofURLsthatareconfiguredas“NoAccess”inSharePoint.ForOne-timemigration,thesiteswillbemigratedandwillremaininaccessibleonthevNextplatform.ForPhasedmigration,lockedsitescannotbemigrated,asthetoolingisunabletoreadthesitecontents.
LongOneDriveURL's
LocatesURLsthatwillexceedthesupporteddatabaselimitsoncetheOneDriverenameisperformed.ForOne-timemigration,theOneDrivesiteisrenamedafterthedatabasesaremigratedtothevNextplatform.IfthesiterenameresultsinURLsthataretoolong,therenameprocesswillfail.IfaOneDrivesitefailstorename,thesitewillbeinaccessibleonthevNextplatform.
ShouldbeinvestigatedearlytodeterminethenumberoffilesthathavelongURLs.
SecureStoreIdentifiesallthesecurestoreappsthatexistinthefarm.TheinformationprovidedinthescanreportshouldbeenoughforyoutorecreatetheapplicationsonthevNextplatform,ifnecessary.
UnsupportedSiteTemplates
LocatesanysitesleveragingatemplatenotsupportedonvNext.IfthesesitesarerequiredontheDedicatedvNextplatform,youwillneedtocopythesitetoanewlocationthatisbasedonasupportedsitetemplate.Ifthesiteisnolongerneeded,youcoulddeletethesitefromtheenvironmenttoavoidanyimpacttothemigration.
WebAppPolicies
Thisscanoutputs2files.Onereportincludesallthewebapppoliciesandtheotherincludesonlythewebapppoliciesthataredifferent.ForOne-timemigration,iftherearemismatchedpoliciesinyourscanresults,youandyourRMwillplanforalternativesduringmigration.ForPhasedmigration,webapplicationpoliciesarenotmigrated.
Shouldbeinvestigatedearlyintheprojecttoassureadequatetimetoreworkusersecurityifneeded.
Workflow2010
Providesalistofallthe2010workflowassociationsintheenvironment,alongwithhowmanyrunninginstancesatthetimethescanwasexecuted,asyouwillneedtorestartanyworkflowsthatwerestillinflight.
Workflow2013
Providesalistofallthe2013workflowassociationsintheenvironment,alongwithhowmanyrunninginstancesatthetimethescanwasexecuted,asyouwillneedtorestartanyworkflowsthatwerestillinflight.
PreparationforMigrationtoD-vNext– Notable.• SelectingHybridsearchandUATenvironment(C+)
• MSbuiltaseparateUATfarm
• Requiredlocalhostfilesfortesters
• Requiredfirewallroutingrulesacrossmultiplecountries
• InitiallyUATdidn’tsupportworkflows,emails,hybridsearch
• Stilldoesn’tsupportwebapps (checkifthishasbeenfixed?)
• Changestoconnectedapplicationauthentication(B-)• Identifyconnectedapps– possiblethroughlogsbutnotperfect.Weleftalotbehindwhichwereidentifiedpostmigration
• Challengetomoveawayfromserviceaccountapproach=cloudidentities(weconsidercloudidentitiesarisk)
• NeededtoretainACSbecauseoflackofgranularityinAzure
• ReadinessofMStooling&Reporting(B+)• Identifiedandfixedpermissionsmappingissue
• Identifiedworkflowissues(2010domigratestate,2013donot;anyworkflowwithemailaccounts(and3otherscenarios)need re-publishingandlosestate
• ReportingisimportantandwehadspecificrequirementsnotmetwiththethencurrentMSreports.Frequencyandconsistencyiskey.Thisisnowmuchbetter
• WebApppoliciesdisappear• WorkwithMicrosofttomanagethisduringyourmigration
PreparationforMigrationtoD-vNext• SearchandSearchconfiguration(B-)
• HybridsearchandourscalebroughtissuesforUAT– initiallywecouldnotreplicatesearchresultsacrossallthecorpus.Someappsdependedonthisforvalidatingsolutions.NowFixed.
• ContentDBstate(A-)• WehadconstantresizingofcontentDB’saswehadsomeverylargeones.MStechhasnowbeenfurtherdevelopedtominimisethe
needforthis.• CustomisationsImpact(B-)
• Wehaveaverycustomisedenduserexperienceonhundredsofsites.Wedevelopedaframework(wethinkMicrosoftcopiedourapproachwithSharePointUX!)tostandardisethisanddriveconsistencyawayfrommultipleJSfiles,librariesetc.Challenges onthenewUX
• Overallimpactwasnothigh(AccessDBissuesnowfixed)
• AuthenticationforUsers(A-)• NewExperience,STSsetupandwecouldn’treallytestatscalethecapabilitiesoftheSTSduringUAT’s
• WehavemixedOffice2010andProPlus(rolloutcontinues)whichwaschallengingbutnothighimpact(moreendusercomms andknowledge)
• ChangeandComms (B+)• WewerelateoutthegateherebutitisveryimportanttohaveboththecorrectC&C,targettherightaudience,gettherightmaterial.
• Needmultiplelevelsofengagement,fromuserexperience,connectedapplications,customisations
PreparationforMigrationtoD-vNext• IdentityMapping(A-)
• Processwillreportonuserandgroupobjectswithinyourlegacytenant• Itsrequiredtoidentifythosewhicharemissingfromamappingperspective.E.g.notinlocalAD,notinAAD• Note:
• reportsusesSIDS,youneedtoconsiderthatoneobjectmayhavehistoricalSIDSwhenchecking• ADqueryreportingtoprocesstheseMicrosoftlistsisrequiredacrossyourentireADforest• YouneedADquerytoolstofinalisethisprocess– taketimetobuildarepeatableprocessasyoudothisseveraltimesperUAT
• Identifysiteconfigurationswhichwillchange(B-)• AccessrequestemailswillneedreplacingwithnewvNextformat[manualeditingorscript]• Accessrequestoptionschange[script]• CustomsearchconfigurationsandsearchsettingsURL’smayneedchanging[script]
• Lossofwebapppolicies(A-)• Allwebapppoliciesfromallyourlegacywebappswillmigrate(collapsed)• WefounditbesttoremoveandmanagethroughAADgroups
• ExamplehereiseDiscoverygroups
• DonotrelyonwebapppoliciesinAAD– targetremovalearlyandre-useonAADgroups• OnegrouptolooktoretaintemporarilyareanyDENYALLpolicies(youwillneedtoreplacewithlicensemanagementinfuture)
• UnderstandchangesonSPO(B-)• auditingcontrols,sharingoptionsanduserexperience(e.g.folders),Accessrequestsprocess,managingnewUXoptions,etc.
Recommendations• Do3oreven4UAT’s
• Youneedtodoalotoftestingforcustomisations,connectedapps,workflows,searchconfiguration
• UseyourtargettenantifpossibleforUAT(minimiseslocalnetworkconfigurationchanges)
• Planforyourworkflowstostopinadvance
• Changedirectinclusionofemailstoparameterisation
• InformbusinessthatidentifiedSP2010and2013workflowsmaybeimpacteddependingonarchetype
• Publicisethechangesinauthenticationforconnectedapps
• Stresstheimportancetomovetotokens,clientID/secretandnotrelyoncloudidentities
• TherearedifferencesinRESTAPIonSPOthanonBPOS-D
• ExaminetheneedforURL’swithinIEtrustedzoneforAUTHN
• Performancetestingiskey– ensurealllocationsundergo
performancetestingtoidentifyen-routenetworkconfigurations
• Ifyouusepac filesforlocalconfig– planchangewellahead
• BuildacomprehensiveCommunications&Changeapproachacrossyour
business
• Engageearly,engagebig
• UnderstandthereportsyouhavefromMicrosoftandidentifywhatyou
needforyourmigration
• challengeforchange!
• Understandhowthepermissionsmappingimpactsifyouhavecustom
claims– especiallythedefaultimplicitgroups
• Defineyourtenantconfigurationupfront(Sitestorage,OneDrive,profile
permissions,SCAoptions)early
• Planforsearchindexdowntime– searchresultswilltaketime
• Ensuresupportteamshavetherightlevelofaccesspostmigration
• Defineclearpoliciesfornewfeaturesbeforemigration
• EngagethroughYammer,mail,publicationsandsetclearstatementsonwhatisallowedandwhatisn’t
• DevelopADqueryandreportingskills
• GainskillsinDynamicAADgroupconfigurations
Summary
• Test,test,test• Testagain• Engagewithbusinessesonconnectedapps,customisationsandtestthoroughly• Informbusinessthroughcommunications• Drivepoliciesaroundcustomisations,andnewfeatures
• Re-examineworkflows– assumetheywillalllosestateifinvolvingemail,elevatedpermissions• Donotexpectwebapps toworkinUAT• CheckEOPconfigurationsforinboundalertsandworkflowemails• PlanAADconnect• Prepareandexaminepermissionsmapping
ContactDetails
RobertSTuckerBlog:https://probablynotinteresting.comTwitter:https://twitter.com/youknowitisntLinkedIn:https://www.linkedin.com/in/roberttucker/Email:tucker@probablynotinteresting.com
Recommended