The List View Threshold In SharePoint 2010

There are several things to take into consideration with the list view threshold in SharePoint 2010. There are several operations here including non-indexed queries that allow for columns to be added. They can be used to make a list and to give time for resources that are proportional to the number of items in the list. When you have a small list you don’t have to add items quickly. The bigger the list gets though the more the related operations is going to take up your available resources.

The list view threshold is a safety in place to let you know when you should change the query. It also lets you know that the data can be accessed for performance when the farm usage is low. The list view threshold is the maximum number of items that a database can hold at once. The default is set to 5,000 items and it will impact how our holistic system operates so don’t increase it.

You don’t want to prevent a query from being filtered on columns that aren’t indexed. When that happens there is a filter in place and the correct data set will be affected. You need to allow the default value for the limit to be based on farm and list performance. This is how the SQL Server is able to manage locks, so it is a good idea to leave it just the way it is.

You want to minimize database contention and the best way to do so is with the SQL Server row level locking. This is a strategy that allows for accurate updates to occur without affecting users when they have access to other rows. If a read or a write database operation including queries is in place it can mean that 5,000 rows are all locked at the same time. It will be handled more efficiently when the SQL Servers in place to serve as the lock. This means the entire table will be complete. It is going to stop other users from being able to access that table.

The mixture of queries allows for the return of all the items in the list and then more items can be returned later on. When the limits are changed from the default of 5,000 to 10,000 there is a huge impact of the overall performance. It is a good idea though to focus on high performance from the queries.

With list view threshold there are some exception due to the fact that there are operations to perform. They may not do well though if you reconfigure them. They have to be raised to the limit you will need so that they can sufficiently operate as you perform them. The worst that can happen is that you will need to change the enable throttle setting for a given list to false. Then you can ignore the list view threshold.

However, this can only be accomplished at the list level. You can’t do it for a site. You should only be doing this when you want to allow a list access while changes are being made to fix poor performance operations that are being blocked. As soon as you are done with all of that the enable throttle setting needs to be changed back right away.

Both farm and local computer administrators on the web end of things where the server is and the query starts won’t be blocked by the list view threshold. They are users that are browsing large lists and it could be found that some of them aren’t properly configured. They have to be careful when testing them so that the data is normal when other users see it. This is why some operations are prevented by the list view threshold.

There are time services that can be run with an account that isn’t protected by the list view threshold. This allows for various scenarios to be in place including a creation of an index for a large list later on. The use of general will apply so that there aren’t problems during such a scenario playing out.

With the list view threshold for auditors and administrators, the list view threshold for service account is in place. There is a limit for caching the results of a large query and therefore it saves resources. The custom code allows for a request to use the higher limit for running an account that is going to comply with the web application security policy.

Object model override determines if the service accounts can be part of the list view threshold for auditors and administrators. With a farm administrator there is the ability for the object model to be overridden. This is a program specific ability that has some exceptions.

The programmers with authorization can request for a query or a list and then benefit from it. They can change the value so that custom codes can be used to override what is already in place. It is a good idea to leave this setting at the default.

There is a daily time window that can be set for the operations to be performed. This is allowed to occur without being subject to the list view threshold. The time can be changed by 15 minute increments for a period of up to 24 hours. The database operation or query will start with the daily time window where it continues until it is completed so that it doesn’t finish in the time specified.

By default the daily time window won’t be configured because of the fact that off peak hours can vary. We suggest that you only have a daily time window in place to be specified if you have reasonable off hours. The time frame to use would be when very few people will be using a given Web application. The users are able to perform administrative operations for large lists. This includes creating indexes. All of this is best to do during those periods of time when farm usage is lower than normal.

Share

Getting Started With Information Rights Management (IRM) Integration With SharePoint

What is the purpose of Information Rights Management Marriage With SharePoint
Distributing local information through unwanted channels is one of the largest problems that exist within a SharePoint environment. Because SharePoint is meant to provide users with large facilities in order to share and work with arbitrary business data, this can sometimes lead to users sharing information that should otherwise not be shared.

A major method to procure added assurance that will help to eliminate intentional and/or accidental redistribution of sensitive or classified business information is to persistently protect the the business data under multiple circumstances, across multiple environments.

A common incident is when someone sends a piece of confidential information to the wrong person, through a mistake of choosing out of an address book or something similar. These situations are commonplace within an environment that builds out virtual teams focused on collaboration, when sensitive information in business information stored in such mediums such as Microsoft Office documents is easily shared accidentally or intentionally for whatever reason.

These types of information leaks can be costly because of:

  • loss of revenue
  • competitive advantage
  • customer confidence

MOSS is tailored to controls access to various documentation, following usage once the document has been downloaded. For an organization that has to adhere to certain legal / business requirements, this can be an invaluable piece of functionality.

What is Information Rights Management and What Can It Protect?

Information Rights Management (IRM) is a component of the Microsoft Office SharePoint Server and Microsoft Office product suite. Although its base technology derives from Windows Right Management, it has heavy ties into the Microsoft Office product suite, and has direct hooks into the Microsoft Office SharePoint Server system.
IRM allows document authors to specify who can read their document, what they are able to do with the document, and when they are able to do it. IRM can be applied to Outlook e-mails, Word documents, Excel spreadsheets, and PowerPoint presentations (along with others which implement a customized “protector”). While the Microsoft Office SharePoint Server environment is meant to promote collobration of documents between virtual teams, IRM will provide offline methods of working with the arbitrary office documents.
Some of the key features that one should look to implement in an offline protection implementation is:

  • Implement A Protection Scheme That Travels With An Arbitrary File
    • Protection that exists at the file level
    • Protection that will bind and travel with the file, wherever the file goes
  • Controls Access To The Document, and How the Document Can be Used
    • Leverages encryption methods that controls usage
    • Implements usage policies bound to the document that translate to the native client application
    • Expire relevant content when it is deemed no longer necessary
  • The Protection System Should Be Easy For End Users
    • Easy for clients to implement protection for business data
    • Tightly integrated with Microsoft Office clients that in turn are relevant to SharePoint
  • Policies That Are Managed By The Enterprise

    • Permission Policies that are organizational consistent
    • One organizational owns overall access

In a typical SharePoint environment, documents are controlled at a very granular level when stored at the web level, however once a client gets the chance to download the arbitrary document, the overall permission levels are lost. MOSS and IRM work together in order to translate roles on the SharePoint server, to permission levels as they are specified within IRM.

If a SharePoint environment if there is no IRM functionality implemented, documents circulated electronically are uncontrolled and can be printed, copied, and forwarded feasibly to anyone. Transmission of e-mails and documents over secure networks may protect the information in transit, but offer no control over what the recipients do with the information. Password security protection for documents can easily be circumvented if the password is also provided.

IRM can be used to prevent the printing or forwarding of e-mails and to make them inaccessible to the recipient after a specified expiry date. IRM can make documents unreadable by anyone other than the specified recipients.

Deploying Information Rights Management and IRM Requirements
Deployment of Information Rights Management is performed across an organization typically by the server/SharePoint administrator. In addition to installing the Microsoft Office 2003/2007 client software (since these are the default protectors that are provided by IRM), there are some other services and software that need to be installed and configured to support the IRM infrastructure:

  • Microsoft Windows Server 2003 Enterprise Edition (prerequisites for SharePoint)
  • Microsoft Windows Rights Management Server for Windows Server 2003
  • Microsoft Active Directory Services
  • Microsoft Internet Information Services
  • Microsoft SQL Server 2000/2005
  • Microsoft Windows Right Management Client software to be installed on all WFE’s

The relevant server and clients that will be accessing the IRM enabled document repositories need to be loaded with the Rights Management Update for Windows. For the encryption service to function correctly, public and private keys for creators and readers are created when the users enroll to use the Rights Management Service (RMS). Microsoft Office is required to create rights protected documents, or through the MOSS interface, but they can be viewed with other editions of Microsoft Office, or with the IRM add-on for Microsoft Internet Explorer.

By default, when Microsoft Office is installed, IRM is not enabled. Without the additional software listed above, end users will not be able to create rights-protected material even though it is enabled on the MOSS server.

IRM Protection Policies
The policies that RMS will leverage are formulated, enforced and populated by SharePoint or network administrators. After the policy has been established, the client still has to apply the appropriate policy to the document they are sending, by pressing a button and specifying rights that are available for this document. MOSS will translate roles from the site if here is no direct rights bound to the arbitrary piece of documentation.

What are some of the benefits of IRM?
There are several benefits of using IRM for various environments.

  • Documents created with MS Office with IRM are encrypted using Windows RMS (Rights Management Services). Restrictions can then be set to limit recipients’ rights to view, copy, print, and distribute MS Office 2003 documents, including Outlook e-mail messages, and to set a time limit on the readability of the document.
  • Appropriate use of this technology restricts access to records, either by internal or external organizations interacting with a third party, may prevent various organizations from creating, maintaining, and disposing of electronic records in a legal and proper fashion. Furthermore, use of this technology may prevent agencies from producing such records to competent external authorities, such as in response to arbitrary legal requests.
  • An organization can create and enforce a policy to deal with the receipt of MS Office IRM-restricted files sent by internal and external organizational users, in order to ensure such files comply with the accessibility requirements of an arbitrary organization.

Getting Started With the IRM
The reason that most people have trouble with IRM is because the requirements for MOSS can be somewhat rather confusing, however if you make sure, and inventory, all the portions that are required, and ensure that they are properly implemented within your environment, it is a relatively painless procedure. The important portion to gather out of the first steps needed to properly implement IRM is ensure that you meet all of the requirements. The actual process of getting IRM going is relatively painless and you can up in running in about 30 minutes (depending on whether you need to write / implement any custom protectors [the methods by which IRM can actually implement its protection policies]). Obviously, we are not talking about client based rights management, the IRM that we are going to be enabling exists on the server, although will provide hooks into the client portions of IRM.

The first requirement for IRM is you must have a server with IRM enabled, by this I mean a Windows 2003 Server with SP1 or later running Windows Rights Management Services since it provider the backbone framework for the IRM services. Next, since IRM has to somehow be enabled on all of the FWE’s through the web farm, it can be downloaded from here:

http://www.microsoft.com/downloads/details.aspx?familyid=A154648C-881A-41DA-8455-042D7033372B&displaylang=en

This is how your MOSS services will hook into the main IRM server, it provides the functionality that is needed in order for the document libraries that you are using, in essence, to become IRM enabled. As well, for your users to work with the IRM features that are available in an off-line format (those features after a document is downloaded from a document library and is placed in native encrypted format) will need to have the client installed.

Once the prerequisites are defined, and appropriately enabled on all of your servers, you can begin the actual implementation of the service.

Share