This document summarizes Angela Dugan's presentation on managing TFS structures and security. It discusses how to plan and structure team projects, collections, and teams to ensure effectiveness, scalability, and efficiency. It also provides recommendations on when to create new team projects or collections and how to manage permissions and security across TFS, SharePoint, and reporting services. Additional tools for administering and analyzing TFS implementations are also introduced.
2. ALM Practice Manager
Chicago ALM User Group
ALM MVP, PSM, PSM
15 years in the software industry
With a possibly unhealthy love of Halloween
Shameless self promotion
Polaris Solutions - http://www.polarissolutions.com/
Chicago Visual Studio ALM User Group - http://www.chicagoalmug.org/
Twitter: @OakParkGirl, @ChicagoALM, @TeamPolaris
Blog - http://www.tfswhisperer.com/
4. TFS Should Be PLANNED to ensure:
Effectiveness – Does it do what you need?
Scalability – Will the structure or configuration cause bottlenecks as the team grows?
Efficiency – Can you do what you need quickly, and without added effort?
5. [Diagram: TF Server hierarchy. Project Collection 1: Team Project C, Roll-up team, Sub-Team 1, Sub-Team 2. Project Collection 2: Team Project A, Team Project B, Web Team, Mobile Team.]
6. [Diagram: TF Server hierarchy. Project Collection 1: Team Project C, Roll-up team, Sub-Team 1, Sub-Team 2. Project Collection 2: Team Project A, Team Project B, Web Team, Mobile Team.]
7. TPC = Collection of *tightly related* Team Projects
TPC = SQL Database
Can be backed up and restored individually
8. No sharing of:
Work Items
Source Code
Queries
Reports
Build Controllers
Team Project Collections CANNOT be renamed*
Create only as many TPCs as necessary
9. [Diagram: TF Server hierarchy. Project Collection 1: Team Project C, Master team, Sub-Team 1, Sub-Team 2. Project Collection 2: Team Project A, Team Project B, Web Team, Mobile Team.]
10. Team Project <> “Project”
TP = Logical view of subset of TPC data
Team Projects Contain
1 Process Template
1 common set of users and roles
1 SharePoint portal (optional)
1 Reports site (optional)
11. Work Items, Source Code, Reports, and Queries CAN cross Team Project boundaries.
BUT… no sharing of:
Work Item Templates and Definitions
Build Definitions
Areas and Iterations
Work Items cannot be MOVED to another Team project, only copied
Team Projects REALLY cannot be renamed
Create only as many TPs as necessary
14. Absolute minimum TFS administration overhead
Easy sharing of code, work items, builds, etc.
Allows for organizational portfolio management in TFS
Great in theory, complicated in practice
Can result in very deep hierarchies of Areas and Iterations
Builds folder may get crowded and unwieldy
All users must agree on a process template (not always easy)
Security can be VERY complex if granular artifact isolation is required
15. Consideration | Recommendation
Codebases are being shared | Create New TP or Add to Existing TP
Database level artifact isolation required (compliance) | New Team Project Collection
Organizational portfolio management needed | ONE Team Project
Desire to minimize administration overhead | Create New TP or ideally Add to Existing TP
Ability to easily scale due to database growth | New Team Project Collection or split TPC
Need to hand off code/project to client | New Team Project Collection or split TPC
Need a new process template or SCM (TFGit) | New Team Project
Developers don’t want their code “touching” | Couples counseling, seriously
16. [Diagram: TF Server hierarchy. Project Collection 1: Team Project C, Master team, Sub-Team 1, Sub-Team 2. Project Collection 2: Team Project A, Team Project B, Web Team, Mobile Team.]
17. Named group of users
Provides narrowed scope for viewing work items and status
Can be used to secure access to Team Project artifacts
Each team has their own planning tools and views
*Does not have to map to traditional people teams
18. Pros
Teams can be categorized into sub-teams
Teams are allocated their own, isolated backlogs
Teams are flexible, can be easily retired and recreated as needed
Cons
May not map to your existing usage of Areas
Teams cannot be shared across Team Projects
Teams are flat user lists
>100 users not loaded by Team Explorer; you have bigger issues!
Team capacities do not “roll up” automatically to parent teams
21. Agile, CMMI, Scrum included
Many free 3rd Party options
Customize to match YOUR process
Defines:
Who is on your team?
What can people do?
How should they do it?
24. Don’t customize before evaluating OOB first!
Yes you can customize. But SHOULD you?
Keep a “sandbox” TPC (ideally a test TFS instance) for piloting customizations
Keep changes additive whenever possible
Keep customization consistent across Team Projects if possible
Apply an ALM process to releasing and testing customizations
25. TFS Structure and Anatomy
Managing TFS Templates
Managing TFS Security
Other TFS Admin Tools
26. Team Foundation Server Instance
Team Foundation Server Team Collection
Team Foundation Server Team Project
Team Foundation Server Teams
Team Foundation Web Access
SharePoint Site Collection
SharePoint Sites
Reports Server
TFS group security and permissions can be found here: http://msdn.microsoft.com/en-us/library/vstudio/ms252587.aspx
SharePoint security here: http://office.microsoft.com/en-us/sharepoint-server-help/manage-membership-of-sharepoint-groups-HA101794106.aspx?CTT=5&origin=HA101794118
Pre-defined roles for SSRS can be found here: http://msdn.microsoft.com/en-gb/library/ms157363.aspx
28. TFS Permissions Managed via Admin Console and Web
  Permissions Limited to Team Projects
  Permissions Inherited via Group Membership
SharePoint Permissions Managed via Central Admin and SharePoint Site Security
  Permissions can be scoped to Collection or Site
  Permissions Inherited via AD Group Membership
Reporting Permissions Managed via Reports Server Site
  Permissions can be scoped to Server or Project Folders
  Permissions Inherited via AD and/or SharePoint Group Membership
Yes, there are THREE separate places to manage security!
http://msdn.microsoft.com/en-us/library/ms253094%28v=vs.110%29.aspx
29. Permissions are inherited from group membership*.
Permissions can be allow, deny, or “not set”.
For almost all permissions, deny trumps allow*.
If permissions are not explicitly set to allow, they are implicitly denied unless an allow has been inherited via group membership (“inherited allow”).
If a user belongs to multiple groups, and ANY one group has a specific permission set to deny, that user will not be able to perform tasks that require that permission.
TFS, TPC, and TP Administrator level permissions CANNOT be edited.
*With build, version control, and work item related artifacts, explicit permissions that are set on a particular object override those that are inherited from the parent objects. This allows you to do things like allow a user access to a root source control folder, but deny them access to one of that folder’s branches.
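The rules on this slide can be checked against a small model when auditing why a user is or is not allowed to do something. The following is an added example, not code from the presentation or from TFS: the ACL layout, function names, sample paths and the "Contractors" group are assumptions made for illustration.

```python
# Model of the permission rules on the slide above (not TFS's own code).
# ACLS is constructed sample data: path -> group -> permission -> "allow"/"deny".
# A missing entry means "not set". The "Contractors" group is hypothetical.
ACLS = {
    "$/ProjectC": {
        "Contributors": {"Read": "allow", "CheckIn": "allow"},
        "Contractors": {"CheckIn": "deny"},
        "Readers": {"Read": "allow"},
    },
    "$/ProjectC/Release": {
        "Contributors": {"Read": "deny"},  # explicit entry on the branch
    },
}


def ancestors(path):
    """Yield the object itself, then each parent object up to the root "$"."""
    parts = path.strip("/").split("/")
    for i in range(len(parts), 0, -1):
        yield "/".join(parts[:i])


def resolve_for_group(acls, group, path, permission):
    """Nearest explicit entry for one group: a setting on the object itself
    overrides whatever the group would inherit from a parent object."""
    for node in ancestors(path):
        state = acls.get(node, {}).get(group, {}).get(permission)
        if state in ("allow", "deny"):
            return state, node
    return "not set", None


def effective_permission(acls, groups, path, permission):
    """Return (allowed, reason) for a user who is a member of `groups`."""
    resolved = {g: resolve_for_group(acls, g, path, permission) for g in groups}
    denies = sorted(g for g, (state, _) in resolved.items() if state == "deny")
    allows = sorted(g for g, (state, _) in resolved.items() if state == "allow")
    if denies:  # deny in ANY group trumps every allow
        return False, f"deny via {denies[0]} at {resolved[denies[0]][1]}"
    if allows:  # inherited allow through group membership
        return True, f"inherited allow via {allows[0]} at {resolved[allows[0]][1]}"
    return False, "implicit deny (not set in any group)"


if __name__ == "__main__":
    for groups, path, perm in [
        (["Contributors"], "$/ProjectC/Main", "Read"),
        (["Contributors"], "$/ProjectC/Release", "Read"),
        (["Contributors", "Contractors"], "$/ProjectC/Main", "CheckIn"),
        (["Readers"], "$/ProjectC/Main", "CheckIn"),
    ]:
        print(groups, path, perm, effective_permission(ACLS, groups, path, perm))
```

The reason string names the group and object that decided the outcome, which is the detail needed to trace an unexpected deny back to a single membership.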
32. TFS Power Tools: TFS extensions for managing TFS resources and providing advanced capabilities.
CodePlex Add-Ons: community based, often authored by Microsoft employees, not officially supported
Visual Studio Gallery: similar to CodePlex, officially supported by Microsoft
Third-Party Plug-ins: usually free, extends TFS capabilities
33. TFS Power Tools:
TFS Admin Reports
TFS Backup and Restore
Check-in Policy Add-on Pack
Process Editor
Best Practices Analyzer
CodePlex/VS Gallery
TFS Admin Tool
Team Project Manager
Community Build Manager
Third-Party Tools
Attrice Sidekicks
34. Activity Log
Every command that every user has executed against TFS for the last 14 days.
TFS Job Monitoring
TFS Background Job Agent schedules and queues jobs within TFS
Total Run Time - How long jobs take to Execute
Number of Jobs Run - Number of times jobs are run and status
Average Run and Queue Time - Number of jobs executing at a particular time, average time that they waited in the queue, and average run time
Job Queue - which jobs are currently queued, their priorities and when they are expected to start.
37. Used to be a Power Tool, now an OOB Feature with TFS 2013
Backs up TFS-related databases
Nightly, Manual or Custom
Full, Differential, Transactional
Allows for TPC-level Restore
Notifications Available
39. TFS SCM Add-Ons
Code Analysis
Custom Path
Forbidden patterns
Work Item Queries
Found in TFS Power Tools:
http://visualstudiogallery.msdn.microsoft.com/f017b10c-02b4-4d6d-9845-58a06545627f
45. Free TFS Analyzer Tool:
View team project activities
View and edit SCM settings
View branch hierarchies
View and edit security group and settings
View and edit build templates
View and edit build definitions
Compare templates
View and edit process configuration
Supports TFS 2008+
http://teamprojectmanager.codeplex.com/
48. Visualization and Admin Add-On for TFS
Plugs right into Visual Studio
Provides additional features around:
Workspaces
Security and Permissions
Code Review
SCM History and Labels
FREE, yes, I know!
http://www.attrice.info/