Stakeholder perception of the value of SharePoint 2013 PLA

Introduction

SharePoint 2013 can be setup in many different ways. Microsoft Support has documented in a number of Knowledge Base articles, supported and unsupported configurations. TechNet articles describe what configurations and settings are recommended. Out of the number of supported and recommended variants, PLA (Product Line Architecture) defines a standard for the implementation of SharePoint 2013 in your datacenter. It sets the starting point for strong governance for the implementation, smooth operation of it and adoption of SharePoint by business users.

The approach Microsoft has chosen follows a number of design objectives. PLA should decrease design ambiguity and thereby reduce the implementation costs, support costs and implementation time. Upgrades should be easier and less complex. The PLA leverages the practices and experiences Microsoft has building Office 365, thereby helping customers get to the cloud more easily when they decide to do so. The service level target is to achieve a 99.9% availability of the resulting SharePoint farm (the same as Office 365). All security recommendations of the PLA minimize risk without excessive operational burden. And the PLA farm is designed to be extensible in the future.

Different Stakeholders, Different Views

Typically, the Microsoft architect in a PLA engagement obtains feedback from the stakeholders involved in the SharePoint project. This feedback points in as many different directions as there divergent interests.

IT managers (e.g., CIO) usually focus first on the complete implementation that PLA offers and on the cost reduction. They understand that the PLA will reduce the cost for planning, implementation, support and upgrades. Even more important for the management is the strong governance PLA enables. While you may hesitate to start using SharePoint in the cloud, you want to be prepared to change this position later on.

If the enterprise already has experience with SharePoint or similar projects the IT managers and Enterprise Architects position governance as the top advantage for using the PLA.

Developers will realize the benefits of cloud-compatible code but may miss the full trust code of the server object model. In many enterprises, the developers implemented additional tools and solutions for operation and business departments that use full trust code. Some requirements may call for 3^rd party software which is usually full trust code and therefore, not permitted. Developers and 3^rd party vendors will have to transform these now or in the future.

Operations sees the prescriptive design and the reduced complexity as the most important advantage. But they may hesitate in adopting the PLA because it may not fit in to existing operations processes such as monitoring, high availability and disaster recovery.

Business departments realize that the PLA offers a solid platform – as does Office 365. But it does not offer any business solutions out of the box. SharePoint-based applications still have to be built by the business. However, because it's focus on cloud-compatibility, the PLA can enable the business to work in hybrid model much more easily.

Security departments are happy to have all standard features of SharePoint security in place. However, since some business departments demand the urgent need for extranet access, security is missing two-factor authentication and other precautions for a secure access for external users.

Cloud-compatible, Easier Upgrades

The SharePoint 2013 PLA helps to implement an on-premises farm that provides similar functionality to its users as Office 365. The rules in the PLA are such that applications on a PLA can be migrated to Office 365 with less effort. PLA does not allow full trust code and directs the developer to the SharePoint app model using client side object model. The single Web Application, single Farm concept eases management, similar to Office 365. This also helps to make upgrades easier, for example to SharePoint Server 2016. By following the operations recommendations to keep the PLA farm healthy, future upgrades will be smoother and less costly.

Improved SharePoint Governance

PLA defines its implementation by a set of rules for:

• Services, administrative accounts, and Active Directory
• DNS, SSL certificates, load balancing and networking
• Virtualization, Windows Server OS and IIS
• SQL Server and SharePoint configuration
• Operations and Governance

The rules and recommendations limit the variety of possible configurations and guide to a reproducible result. The build and operations guide push in the same direction. The governance recommendations tie it all together from the business user perspective.

If we ask what the PLA can deliver – the governance foreseen here is its major invention. It makes PLA different from the recommendations and supportability statements from TechNet and KB articles by restricting the flexibility of SharePoint Server 2013. We will see that if we want to solve some of the restrictions imposed by the PLA, we will be obliged to bring our own additional governance rules.

PLA is designed to be used and implemented following all rules – at least all rules positioned as mandatory. If your project needs to deviate from one or more mandatory rule, you will take the burden to adapt all documentation and functionality that is affected by the rule change.

PLA Limitations and extensibility

Our discussion of the design objectives for PLA shows that PLA brings number of advantages for the implementation of SharePoint Server 2013. To harvest these, the customer has to accept number of decisions made by the PLA. However, some customers have complaints such as:

Enterprise Architecture claims that the size limits for total items and uploads may hinder the company to fulfill the requirements raised by the business departments in the future. That PLA accepts one farm only for content and application services could be a blocker for growth too.

IT operations have their own proven practices for disaster recovery and high availability. In most cases, these are based on 3^rd party tools. Since the customers apply it for all applications, they insist to use it for SharePoint too.

Security departments are missing additional precautions to protect HBI (High Business Impact) content and access via extranet. They need these to fulfill the existing business requirements. They also insist on using Kerberos instead of NTLM as the authentication protocol as it is more secure.

SharePoint Server 2013 supports more diverse configurations. For example, Kerberos for authentication is supported, multiple farms and web applications are supported, file size and other sizing limitations can be higher and different disaster recovery models are supported.

The deviation in one of these major decisions will not be a pure PLA implementation. As we illustrated above, a deviation may still be supported by the product but the customer will lose part of the advantages of PLA. In the case where a project deviates from the PLA rules, it has to ensure that the parts implemented still fit together with the rest of the architecture, scripts, operations and governance. This results in additional project effort, cost and more long-term maintenance for the deployment. The impact of such decisions varies. For example, if the customer insists on Kerberos for authentication, the project has to add the SPNs to the prerequisites list, to the operations guide, the build guide and modify the build scripts. Additional test cases will be necessary too and IT operations will need to maintain those SPNs. Troubleshooting authentication problems becomes much harder and supporting BYOD (bring your own devices) and extranet access becomes extremely difficult.

The PLA is extensible as long as the rules are still adhered to. For example, it is easy to add external access, BI features or advanced workflow without breaking PLA rules. You just need to ensure your implementation and the vendors features will work properly while adhering to the PLA principles.

While it may be unavoidable in some cases to comply with all rules in the PLA, you should try to adhere to them as much as possible. Doing so will enable your organization to reduce future costs, make upgrades easier and if desired, make the move to the cloud easier as well.

The SharePoint PLA is only available through Microsoft Services or an approved Microsoft partner. Contact your Microsoft Services representative for more information and to get started.

This post was authored by Hans Georg Baumgärtel and Wahid Saleemi.