ccc 2015 tfs admin for good not evil
TRANSCRIPT
Configuration, Maintenance, and the Awesome Tools I Can’t Live Without!
Angela Dugan
Polaris Solutions ALM Practice Mgr since Jan ‘12
Been in the software industry since 1999
Runs the Chicago ALM User Group
ALM MVP, PSM, PSD
Has a *possibly* unhealthy love of Halloween
Shameless self promotion
Polaris Solutions- http://www.polarissolutions.com/
Chicago Visual Studio ALM User Group - http://www.chicagoalmug.org/
Twitter: @OakParkGirl, @ChicagoALM, @TeamPolaris
Blog - http://www.tfswhisperer.com/
VSOnline or On-premise?
What’s Going on Under the Covers?
Great Practices for Managing Your TFS Templates
Managing TFS Security without Losing your Mind
Access Levels – Don’t Get Caught Stealing!
TFS Admin Tools I couldn’t Live Without
Visual Studio online includes the entire VS ALM platform hosted
on Azure
You can leverage on-premise VS with TFS hosted in VSO
You cannot mix VS on-premise with VS hosted in VSO
Now VSO offers build, load testing, and release management!
VSO can be purchases on a month-to-month basis
VSO receives feature updates every 3 weeks!
But…
No template customization, yet
VSO does not have SharePoint integration or OOB reporting
VSO is reliant on Azure, it’s really reliable but be warned - it does
occasionally go down
TF Server
Project Collection 1
Team Project C
Roll-up team
Sub-Team 1 Sub-Team 2
Project Collection 2
Team Project A
Team Project B
Web Team Mobile Team
TF Server
Project Collection 1
Team Project C
Roll-up team
Sub-Team 1 Sub-Team 2
Project Collection 2
Team Project A
Team Project B
Web Team Mobile Team
TF Server
Project Collection 1
Team Project C
Roll-up team
Sub-Team 1 Sub-Team 2
Project Collection 2
Team Project A
Team Project B
Web Team Mobile Team
TF Server
Project Collection 1
Team Project C
Roll-up team
Sub-Team 1 Sub-Team 2
Project Collection 2
Team Project A
Team Project B
Web Team Mobile Team
Get it right the first time!
Before you move forward with TFS, think about the things you cannot easily change:
Server architecture/topology
Project structure/hierarchy
SCM strategy(Centralized vs. DCVS)
Process templates
Absolute minimum TFS administration overhead
Easy sharing of code, work items, builds, etc.
Allows for organizational portfolio management in TFS
Great in theory, complicated in practiceCan result in very deep hierarchies of Areas and Iterations
Builds folder may get crowded and unwieldy
All users must agree on a process template (not always easy)
Security can be VERY complex if granular artifact isolation is required
Agile, CMMI, Scrum included
Many free 3rd Party options
Customize to match YOUR process
Defines:Who is on your team?
What can people do?
How should they do it?
Don’t customize before evaluating OOB first!
Yes you can customize. But SHOULD you?
Keep a “sandbox” TPC (ideally a test TFS instance) for piloting customizations
Keep changes additive whenever possible
Keep customization consistent across Team Projects if possible
Apply an ALM process to releasing and testing customizations
FOR THE LOVE OF ALL THAT IS HOLY CHECK IT IN!
TFS Permissions Managed via Admin Console and Web
Permissions Limited to Team Projects
Permissions Inherited via Group Membership
SharePoint Permissions Managed via Central Admin and SharePoint Site Security
Permissions can be scoped to Collection or Site
Permissions Inherited via AD Group Membership
Reporting Permissions Managed via Reports Server Site
Permissions can be scoped to Server or Project Folders
Permissions Inherited via AD and/or SharePoint Group Membership
Yes, there are THREE separate places to manage security!
TFS group security and permissions can be found here: http://msdn.microsoft.com/en-us/library/vstudio/ms252587.aspx
SharePoint security here: http://office.microsoft.com/en-us/sharepoint-server-help/manage-membership-of-sharepoint-groups-HA101794106.aspx?CTT=5&origin=HA101794118
Pre-defined roles for SSRS can be found here: http://msdn.microsoft.com/en-gb/library/ms157363.aspx
Permissions are inherited from group membership
Permissions can be allow, deny, or “not set”. For almost all permissions,
deny trumps allow*.
If permissions are not explicitly set to allow, they are implicitly denied
unless an allow has been inherited via group membership (“inherited allow”).
If a user belongs to multiple groups, and ANY one group has a specific
permission set to deny, that user will not be able to perform tasks that
require that permission.
TFS, TPC, and TP Administrator level permissions CANNOT be edited.
Use AD groups mapped to MSDN licensing to determine access
level
Any user not in an AD group will get the default level of access
Do not default to Advanced, default to Limited/Stakeholder to
avoid compliance issues
Visual Studio Premium w/MSDN
Visual Studio Ultimate w/MSDN
Visual Studio Test Pro w/MSDN
More information on setting web access levels can be found here: http://msdn.microsoft.com/en-us/library/jj159364.aspx
Feature areas Stakeholder Basic Advanced
View and edit all work items X(1) X X
Standard Features (2) X X X
Agile boards X(3) X X
Basic backlog and sprint planning tools X(4) X X
Agile Portfolio Management X(3) X(3) X
Chart Viewing X X
Chart Authoring X
Code X X
Build X X
Request and manage feedback X
Test case management X
Team rooms X
Administer account X X
Advanced home page X X
Advanced backlog and sprint planning tools X X
Advanced portfolio management X
1. With Stakeholder access, users can create and modify all work items, and can create and save queries on all work items under their My Queries folder.
2. Standard features include access to the Home and Work hubs.
3. Can view backlog pages and Kanban boards. Can add work items through the quick add panel, which are appear at the bottom of the list. Can’t move items on the page or use other
features.
4. Can view sprint pages and task boards. Can add work items, but can’t use other sprint planning tool features.
TFS Power Tools:TFS Admin ReportsTFS Backup and RestoreCheck-in Policy Add-on PackProcess EditorBest Practices Analyzer
CodePlex/VS GalleryTeam Project Manager
Third-Party ToolsAttrice Sidekicks
Activity LogEvery command that every user has executed against TFS for the last 14 days.
TFS Job MonitoringTFS Background Job Agent schedules and queues jobs within TFS
Total Run Time - How long jobs take to Execute
Number of Jobs Run - Number of times jobs are run and status
Average Run and Queue Time - Number of jobs executing at a particular time, average time that they waited in the queue, and average run time
Job Queue - which jobs are currently queued, their priorities and when they are expected to start.
Used to be a Power Tool, now an OOB Feature with TFS 2013
Backups up TFS related databases
Nightly, Manual or Custom
Full, Differential, Transactional
Allows for TPC-level Restore
Notifications Available
TFS SCM Add-Ons
Code Analysis
Custom Path
Forbidden patterns
Work Item Queries
Found in TFS Power Tools: http://visualstudiogallery.msdn.microsoft.com/f017b10c-02b4-4d6d-9845-58a06545627f
Scan TFS Instance
Hardware AND Software
Detect Security Issues
Lists non-default settings
Detects non-compliance with
best practices
Recommends remediation
http://msdn.microsoft.com/en-us/library/ee248645%28v=vs.100%29.aspx
Free TFS Analyzer Tool:View team project activities
View and edit SCM settings
View branch hierarchies
View and edit security group and settings
View and edit build templates
View and edit build definitions
Compare templates
View and edit process configuration
Supports TFS 2008+
http://teamprojectmanager.codeplex.com/
Visualization and Admin Add-On for TFS
Plugs right into Visual Studio
Provides additional features around:
Workspaces
Security and Permissions
Code Review
SCM History and Labels
FREE, yes, I know!http://www.attrice.info/
Grant H’s blog: http://blogs.msdn.com/b/granth/
DTDPS TFS Deployment Program: http://bit.ly/1xdH2IH
Angela’s Slide decks: http://www.slideshare.net/angelabinkowski
Angela’s blog: http://www.tfswhisperer.com/