Because each SSP that you create provides its own services and you can create multiple SSPs in a farm, a Central Administration User Interface (UI) page exists so that you can configure these services on a per-SSP basis and also on a farm level for all SSPs. The SSP Management Interface is divided into two areas:
Farm-level management of all SSPs
The remainder of this section covers the SSP management pages while the section following this one titled "Managing SSPs at the Farm Level" explains farm-level management of SSPs in a large enterprise environment.
The SSP management page has several key sections that enable you to easily configure and manage the services provided by the SSP. Although these components do not need to be configured prior to creating the new Web applications and sites associated with this SSP, you should configure any services that are to be consumed beforehand. As new Web applications are then associated with a particular SSP, they show up under the SSP name in the Manage This Farm's Shared Services administration page. To access the Manage This Farm's Shared Services page, follow the steps outlined earlier in the section for configuring an SSP. All Web applications listed under that SSP are consuming the services that the SSP provides. Figure 18-2 shows an example of this.
Figure 18-2: Viewing the associated Web applications
As you can see from the list of associated Web applications in Figure 18-2, you must be sure to use well-planned naming conventions to easily distinguish one Web application from another. See Chapter 7, "Application Management and Configuration," for more information on creating Web applications.
Web applications are listed under the Default SSP even if they have not yet been extended with a site collection or mapped to another Web application. To reach the SSP administration page, click the name of the SSP you want to manage from the Manage This Farm's Shared Services page. Follow the steps outlined earlier in the section for configuring an SSP to get to this page. You will then be taken to the Shared Services Administration Home page, shown in Figure 18-3.
Figure 18-3: Shared Services Administration Home page
For quicker access to the Shared Services Administration Home page, in Central Administration, under Shared Services Administration, click the name of the SSP in the lefthand quick launch bar.
In the User Profiles And My Sites section on the SSP Administration Home page, the SSP is configured to provide services that deal with personalization, such as My Site; therefore, any changes you make to the personalization settings here affect all users who consume these services from their associated Web applications.
By clicking this link, you are presented with options that let you manage attributes and import configurations for our users' profiles. User profiles play a key role in the way you target content and set up social networking with other colleagues that you share common attributes with. When one user searches for information on another user, the profile information is used to help return the correct results from the search.
Configuring and managing profiles is covered in more detail in Chapter 8, "Administrating Personalization and Portal Taxonomies."
The Profile Services Policies link enables administrators to configure which profile attributes are available to the user, which attributes the user is allowed to edit, and which attributes are viewable by which users when they are viewing the user's public My Site page.
|More Info|| |
For more information on profile policies, see Chapter 8.
Because the SSP can host more than one Web application, many site collections used by the same users all have links to their My Site. For this reason, the SSP allows you to configure which server holds all personal sites for the SSP. Therefore, when a user travels between different sites, he will always be redirected to the same My Site, regardless of which Web application he is working in. The same applies to the preferred Search Center option, which allows you to configure a centralized search page that all users are redirected to when they click the search center page from a portal.
|More Info|| |
See Chapter 16, "Enterprise Search and Indexing Architecture and Administration," and Chapter 17, "Enterprise Search and Indexing Deployment," for more information on search.
To configure the location for personal sites and the preferred Search Center, click My Site Settings under the User Profiles And My Sites section and type the URL and port number for the Web application to host the My Sites in the Personal Site Services section.
If you do not want the URL of the My Site to include Personal, you can change the location name here. By default, the URL is set Personal so that a user's My Site address looks something like http://corpportal/personal/fred. However, you can change it by typing a new Personal Site location on the My Site settings page.
Any existing My Sites already created with the previous My Site location will not be affected and will continue to use the previous location. When the Web application that hosts My Sites is associated with a different SSP, the users profile and social networking information such as Colleagues and Site memberships will be generated by the new SSP. If you want to host multiple SSPs but have a centralized My Site Web application for all users, you can use Trusted My Site locations as described later in this chapter.
For enterprises that need to control the way multiple users with the same name are handled, there are three naming convention options that you can use to determine the actual name of the My Site associated with an individual:
User Name Only This option does not resolve conflicting usernames.
User Name With Conflict Resolution If two users exist with the same name in two different domains, the user name will appear after the domain name-for example, Contoso_fred.
Domain And User Name The user's domain always comes before her domain name to avoid any potential conflict.
Therefore, if a company has more than one user named Fred across two domains-say one in the U.S. and one in the U.K.-instead of using the default URL http://corpportal /personal/fred, the company can use http://corpportal/personal/UK_fred. This approach is useful for avoiding name conflicts in large organizations. To alter naming conventions, click the My Site Settings link in the User Profiles And My Sites section, and select a naming format in the resulting dialog box (shown in Figure 18-4).
Figure 18-4: Configuring a My Site naming format
If your organization also has users that use different language sets, select the option to allow users to choose their personal language. The language packs required must be installed on the server that hosts the users' My Sites. (See Chapter 4, "Multilingual Planning, Deployment, and Maintenance," for more information on how to install and manage language packs in Office SharePoint Server 2007.) To enable My Sites to support additional languages, select the Allow User To Choose The Language Of Their Personal Site check box in the Language Options section on the My Site Settings page.
From the My Site Settings page, you can also enable all personal features for remote users, which allows users whose My Site is located on a remote server to have access to adding and configuring specific My Site features, such as My Colleagues and My Links. Remote users can do this even if their My Site is hosted on a server at the end of a wide area network (WAN) link in a remote office. To enable My Sites to support global deployments, select the Enable All Personal Features For Remote My Site Users check box in the Multiple Deployments section on the My Site Settings page.
If you are going to enable multiple My Site deployments to access all personal features, it is recommend that you replicate the profile information between the servers hosting the My Sites in the organization.
The final option on the My Site settings page provides you with the ability to change which users get read access to the public view of everyone's My Site. By default, the Windows authenticated users group is granted read access to every user's public My Site page. To change this group or add more groups, add the group name followed by a semicolon and then add the second group name. Names should be added in the format of Domainname\Groupname or Domainname\Username (as shown in Figure 18-5).
Figure 18-5: Configuring group access to public My Site pages
After you add the group name, click the people picker lookup icon to verify the group. You can also add names by using the address book lookup icon, which will use the directory service to return local and domain groups and users. Any groups or users that are added will automatically be added to the Readers group in every user's My Site. Follow these steps to modify access to the public My Site view:
In the Default Reader Site Group text box, change or add the group or user by typing a name in the format of Domainname\Groupname or Domainname\Username.
After entering the name, click the people picker lookup icon, and then click OK.
In a multiple SSP environment, there might be situations where users log on to sites hosted by different SSPs and from different geographic locations. In these situations, when they try to access their My Site, audiences and the URL of their correct My Site can be used to redirect them to the correct SSP that hosts their My Site as a trusted location.
Here are two scenarios in which you might want to use the Trusted My Site redirection functionality:
Rogue servers To avoid rogue server URLs being used in this attribute, only URLs that are registered in the SSP properties and the Trusted My Site redirection list can be used. You can add multiple URL redirects, and to make sure a user gets the correct My Site URL you can use audiences to target the URLs. This approach ensures that no matter where the user is accessing her My Site from she is always redirected correctly.
Geo deployment When companies have multiple locations hosting multiple SSPs yet still fall under a single organization, a user could be working on a site anywhere in that organization-for example, a U.S.-based project manager could be working on a project team site in Australia. When the project manager clicks on his My Site, he wants the action to take him to his My Site, which is located in his home location, and not to create a second My Site in the remote location he happens to be working in. You can also use profile replication, as mentioned earlier in this chapter, to make all the project manager's My Site features available even though he is accessing a site located in a remote office. This approach speeds up the display time for the content located on his My Site.
These are just two examples of using trusted My Site locations. To add a trusted My Site location to an SSP, follow these steps:
Click the name of the SSP you want to manage.
Click the Trusted My Site Host Locations link in the User Profiles And My Sites section.
On the Trusted My Site Host Locations page, click New in the list options.
Complete the URL field to the Web server hosting the My Sites.
Complete the Description field.
If required, add an audience and click the check names lookup icon to confirm the selection. If you prefer, you can click the directory lookup icon and find the audience via a search.
Click OK to add the new My Site trusted location.
Where possible, add the required trusted My Site locations prior to creating a My Site. This will avoid duplicate My Sites being created unnecessarily.
A published link is the ability to add features into a user's Microsoft Office client without the user realizing that SharePoint has added it. You target published links by audiences, and this enables SSP administrators to target office features by specific groups of users. For example, you could create a custom Microsoft Office Excel data connection and then publish this link to the Excel clients. When a user launches her Excel client on a site and goes to create a data connection, your published connection will be available to her in the available default connections. Follow these steps to add a publishåd link to an office client:
Click the Published Links To Office Client Applications link in the User Profiles And My Sites section.
Click New on the options menu.
Fill in the URL field with the Web site address.
Enter a description.
Select a type for the link from the drop-down menu.
If required, enter an audience or look up an audience from the directory lookup icon. Click OK.
Personalization site links enable administrators to add and target page links to audiences. Once added, each new link appears on the user's My Site Home page as an additional tab. When the user visits his My Site and clicks one of the links, it takes him to the URL of the link. Links can be any HTTP address and can point to any internal or external Web site. If when you add a new link you do not specify an audience or you choose the All Site Users audience, all users get the new tabbed link. See Figure 18-6 for an example of several personalization links as they appear on a user's My Site.
Figure 18-6: My Site showing additional tabbed links
By default, all authenticated users have the ability to create personal sites and use personal features. However, this is not always practical, and there might be times when users of a particular SSP are required to have only restricted access to My Site or not have any access at all. By changing the permissions on this page, you are able to control this access and usage policy on My Site on a per-SSP basis.
Real World Modifying Users' SSP Rights
In some situations, companies might create more than one SSP-for example, to host a highly secure set of profiles and unique search index for a research and development department. When users work in sites associated with this SSP, you do not want any My Sites to be created or any personal features to be enabled. Also, because this is a highly restrictive group of sites, you also want to restrict the groups of users who are able to even have rights on the SSP. To fulfill this requirement, follow these steps:
Click the name of the SSP hosting the services you want to restrict.
Click the Personalization Services Permissions link in the User Profiles And My Sites section.
Select the check box for the NT AUTHORITY\Authenticated Users in the User/Group column, and click Remove Selected Users from the options bar.
Click Add Users/Groups on the options bar
Type the name of the security group or use the address book lookup icon to add the user group you want to give rights for to the SSP. When adding a domain group, use the format Domainname\Groupname.
Select the check boxes for the rights you want to give the users in the Choose Permissions section.
Add or remove additional users or groups as required.
You have now restricted the rights of users to perform certain tasks on the restricted SSP, yet the users still have all the additional rights on the SSP that is providing the services for users' everyday work.
When creating a new SSP, you must configure one server to provide the Index file for the SSP. This enables you to have all Web applications associated with this SSP consume the search services provided. In SharePoint Portal 2003, there was only one centrally configured search service in SharePoint Cap Central Administration. In SharePoint Server 2007, however, you can have a different set of configured search parameters on a per-SSP basis. For example, you could have one SSP that hosts all sites for company A and have another SSP that hosts all sites for company B. When users search for content in their sites, content will be returned only from their own sites associated with their SSP. You can change the Index server and file that an SSP uses, and you can do this in the SSP properties, as mentioned earlier in this chapter and described in Table 18-1. In the SSP, there are three settings for configuration:
Search Result Removal
Search Usage Reports
|More Info|| |
For more detailed information on configuring and implementing search, see Chapters 16 and 17.
Portal usage reporting is a way to control usage report processing across all Web applications associated with the SSP. Once it is enabled or disabled, portal usage reporting affects all sites that belong to those Web applications. There are two options available here to enable or disable, as listed in Table 18-3.
By default, this setting is disabled and needs to be enabled if you want to allow site administrators to run advanced usage reporting of how their site is being used. Once this option is enabled, a daily log is created that site administrators can access via the Site Settings menu on their site page. Because this is an SSP-wide change, all site administrators have access to the advanced usage reports.
Search Query Logging
By default, this setting is enabled and provides administrators and content managers with the ability to see search query reports based on how users have been using search queries. This enables administrators to see items such as the most commonly found word by query or, alternatively, which word has been queried the most but with no results. By using these reports, administrators and content managers can alter the way metadata is returned or targeted for certain keywords and phrases to avoid zero results issues for the content that exists in the index.
If a site administrator wants to get usage analysis reports, he must enable the processing settings, which are disabled by default. (See Figure 18-7.)
Figure 18-7: Configuring advanced usage analysis processing
If an administrator of a site tries to view the usage reports for the site and this functionality has not been enabled, or the first set of logs have not yet been generated (possibly due to a schedule not being configured), the administrator gets a generic error message, as shown in Figure 18-8.
Figure 18-8: Site usage report, showing a report has not run
To enable the processing settings, follow these steps:
Click the name of the SSP you want to manage.
Click Usage Reporting in the Portal Usage Reporting section.
Select the Enable Advanced Usage Analysis Processing check box in the Processing Settings section, and click OK
Once the processing settings are enabled, the usage reports are available to every site once the logs have been processed. To view the reports, the site administrator can go to the Site Settings menu on his site via the Site Usage Data option. For site collection administrators, there is also a summary report for usage across all sites in the site collection. To view this report, administrators use the Site Collection Usage Summary link in the Site Collection Administration page in the top-level site.
Before you enable the processing settings, make sure you have first enabled the Windows SharePoint Services Usage Reporting option. To do this, in Central Administration, on the Operations page, select the Usage Analysis Processing check box in the Logging And Reporting section. When both Usage Analysis Processing and Processing Settings have been enabled, you can go to the site and view the usage reports.
Audiences is a very powerful feature of SharePoint Server 2007. It gives users the ability to target content to other users based on a common grouping, such as by department, region, or function. An Audience in SharePoint can be a rules-based audience, a distribution list from Active Directory, or a Windows SharePoint Services Group.
A rules-based audience is a group of users who meet a specific set of rules set by the audience configuration for a specific SSP in Central Administration. These rules can be based on a role-based selection process, such as "reports under," or an attribute-based selection, such as belonging to a certain department. For the audience rule to include attributes, the attributes themselves must exist in the profile database for this SSP and also include content. These attributes are normally configured in the Lightweight Directory Access Protocol (LDAP) directory first, such as an Active Directory attribute. Then, when the properties of the users from Active Directory are imported into the profile database, the matching attribute in the profile database is automatically populated. (See Chapter 8 for more information on importing profile attributes.) Alternatively, you can create your own fields in the profile database if they are not available in Active Directory.
Suppose that you have a page on a team site and you want to target certain information on that team site to two different groups of users. Some of the information is relevant to the marketing team, some information is relevant to the accounts team, and some information is relevant to both teams. In Active Directory, make sure that the attribute called Department in the user property is correctly filled in for each user. You might need to speak with the Active Directory administrator for more information on configuring user object property fields. When the SharePoint Profile database import takes place, it populates the user profile in SharePoint with the same Department field attribute of sales or accounts. Follow these steps to manually configure a profile import:
Click the User Profiles And Properties link in the User Profiles And My Sites section.
Click Configure Profile Import, and select a source, such as Current Domain. Click OK.
Click Start Full Import to start the enumeration process for importing the user object attributes from Active Directory. This process might take a few minutes, depending on the number of users in your Active Directory.
Click the refresh button to ensure the enumeration is complete and set to idle.
You can now create three audiences in SharePoint for content targeting. First we need to create an audience based on one rule, which in our example will be to include users who have the property equal to Sales, as shown in Figure 18-9. Follow these steps to create a new audience:
Click Audiences in the Audiences section.
Click Create Audience.
Give the audience a name, and click OK.
In the Operand section, select the Property button, and from the drop-down menu, select Department from the attribute fields.
Leave the operator set to =.
Type Sales in the Value field, and click OK.
In the Audience properties, click Compile Audience. Wait for the compilation to complete.
Click View Membership to see the user accounts imported.
Click the Home tab to return to the SSP Administration Home page.
Figure 18-9: Creating a new rules-based audience
You can now create another rule with the property based on accounts, and you can then create a third audience that has two rules to include both departments. To ensure that both sets of users are included in this final rule, make sure that the audience allows memberships that satisfy any of the rules rather than all of the rules, as in this scenario a user is either in sales or accounts but not both. An example of how his audience property would look can be seen in Figure 18-10.
Figure 18-10: Using multiple rules in a single audience
Users can now target content on a page, and the users will see only what is targeted at them through their audience membership. You can target Web Parts or individual list items, such as discussion threads, at audiences. To enable a discussion list, for example, to support list item audience targeting, follow these steps:
Go to the Home page of a team site.
Click the default Team Discussion list on the lefthand quick launch bar.
Click Settings to open the settings menu, and then select List Settings.
Click Audience Targeting Settings in the General settings section.
Select the Enable Audience Targeting check box to enable audience targeting, and then click OK.
Return to the discussion list, and click New to create a new discussion list entry.
Complete the Subject field and, optionally, add some body text.
In the optional Target Audiences field type "Sales," and then click the check names icon to the right of the field.
The "Sales" audience should now be underlined in the field as a recognized audience name. Click OK.
You have now targeted a specific list item at the sales audience, and any user who is not in the sales audience will not see any items targeted specifically at sales users. See Chapter 29, "Microsoft Office SharePoint Server 2007 Web Parts," for more information on configuring Web Parts.
|Best Practices|| |
Always configure your audience compilation schedule to occur after your profile import schedule. That way the latest user profile changes will be taken into account when the audience membership is recompiled.
Each SSP has the ability to host its own Excel Services environment. Excel Services allows Excel workbooks to be loaded, calculated, and rendered on the server and then presented to users via a Web page. The user can then view the rendered information and even update certain cells without the need for the users desktop to have the Microsoft Excel client installed locally. There are five configurable options for Excel Services:
Edit Excel Services Settings
Trusted File Locations
Trusted Data Connections Library
Trusted Data Providers
You do not need to configure all the options just listed. However, until you have added certain core requirements-such as a trusted file location or a trusted data connection library-users will not be able to use the features, such as publishing an Excel workbook to the Excel server.
|More Info|| |
For more information on configuring and managing these services, see Chapter 20, "Excel Services and Building Business Intelligence Solutions."
The Business Data Catalog (BDC), a new feature in SharePoint Server 2007, is aimed at providing you the ability to connect various back-end business applications-such as databases, SAP, and Siebel-into SharePoint with minimal coding effort. Many connections are built into SharePoint Server 2007 with the XML code. Once the catalog is configured, the data can be used by Business Data Web Parts, SharePoint Lists, Search, Profiles, and additional Custom Solutions. Once a connection is configured, users can easily add the configured Web Parts, for example, onto their pages and start using the connection to the back-end system.
|More Info|| |
For more detailed information on configuring and managing the BDC, see Chapter 12, "Administrating Data Connections."