Being Ready for the Long Haul

Angela Dugan

ALM Practice Manager

Polaris Solutions

Angela.Dugan@PolarisSolutions.com

Managing TFS Templates

Managing TFS Security

Other TFS Admin Tools

TFS Should Be PLANNED to ensure:

Effectiveness

Flexibility

Scalability

TF Server

Project Collection 1

Team Project C

Master team

Sub-Team 1 Sub-Team 2

Project Collection 2

Team Project A

Team Project B

Web TeamMobile Team

TPC = Collection of *tightly related* Team Projects

TPC = SQL Database

Can be backed up and restored individually

TPCs are a Hard Boundary for Sharing and Visibility!

Create only as many TPCs as absolutely necessary

No sharing of:

Work Items

Source Code

Queries

Reports

Build Controllers

Team Project Collections CANNOT be renamed*

TF Server

Project Collection 1

Team Project C

Master team

Sub-Team 1 Sub-Team 2

Project Collection 2

Team Project A

Team Project B

Web TeamMobile Team

Team Project <> “Project”

TP = Logical “view” of data

Team Projects Contain

1 Process Template

1 set of Roles/Permissions

1 SharePoint portal (optional)

1 Reports site (optional)

Create only as many TPs as necessary

TPs can be broken into “Teams”

Work Items Visible Across TPs

Source code Visible Across TPs

Reports Scoped Across TPs

Queries Scoped Across TPs

No ability to backup and restore*

http://msdn.microsoft.com/en-us/library/ee748449.aspx

No sharing of:

Work Item Templates and Definitions

Work Item Categories

Build Definitions

Areas and Iterations

Work Items cannot be MOVED to another Team project

Team Projects CANNOT be renamed

Consideration Recommendation

Codebases are being shared New or Same Team Project

Database level artifact isolation required New Team Project Collection

Organizational portfolio management needed ONE Team Project

Desire to minimize administration New or Same Team Project

Ability to easily scale due to database growth New Team Project Collection

Need to hand off code/project to client New Team Project Collection

Need a new process template or SCM (TFGit) New Team Project

Absolute minimum TFS administration overhead

Easy sharing of code, work items, builds, etc.

Allows for organizational portfolio management in TFS

Great in theory, complicated in practiceVery deep hierarchies of Areas and Iterations

Builds folder may get unwieldy

All users must agree on a process (not always easy)

Security can be VERY complex if isolation is required

TF Server

Project Collection 1

Team Project C

Master team

Sub-Team 1 Sub-Team 2

Project Collection 2

Team Project A

Team Project B

Web TeamMobile Team

Named group of users

Provides narrowed scope for viewing work items and status

Can be used to secure access to Team Project artifacts

Each team has their own planning tools and views

http://msdn.microsoft.com/en-us/library/hh528603.aspx

Areas used to categorize

WIT

Map to Teams

Control Content on Team

Backlogs

User Defined

Securable

Used to Schedule WIT

Attach to Product & Sprint

Backlogs

Map to Backlogs

User Defined

Securable

Pros

Teams can be categorized into sub-teams

Teams are allocated their own, isolated backlogs

Cons

Teams cannot be shared across Team Projects

Teams are flat user lists

>100 users will not be loaded by Team Explorer

Managing TFS Templates

Managing TFS Security

Other TFS Admin Tools

Agile, CMMI, Scrum included

Many free 3rd Party options

Customize to match YOUR process

Defines:Who is on your team?

What can people do?

How should they do it?

http://msdn.microsoft.com/en-us/library/ms400752.aspx

Behind the scenes it’s just a bunch of XML

Work Item Type Definitions

Work Item Categories

Work Item Links

Queries

Reports

Lab Settings

Build Settings

Portal Settings

Process Guidance

Source Control Settings

Backlog Work Item Types

Quick-Add Settings

Default Columns & Widths

Feedback Work item attributes

Work Item Categories

Meta-states

Weekend days

Work Item Colors

Don’t customize before using OOB first!

Yes you can customize. But SHOULD you?

Keep changes additive whenever possible

Don’t customize only at the Team Project level (or be prepared for large consulting bills at upgrade time)

Keep a “sandbox” TPC for piloting customizations

Apply a dev process to releasing and testing customizations

Always version your changes in SCM

Checkout template artifacts being edited

Download core template (unless change is specific to TP)

Edit template itemsIf editing on server using Power Tools, make sure to export change to local copy of process template

Upload changes to sandbox Team Project and verify

Upload change to “production” Team Project and verify

Upload Process Template to TPC (overwrite existing)

Check in template

TFS Structure and Anatomy

Managing TFS Templates

Managing TFS Security

Other TFS Admin Tools

Configuration and Maintenance Best Practices

Team Foundation Server Instance

Team Foundation Server Team Collection

Team Foundation Server Team Project

Team Foundation Server Teams

Team Foundation Web Access

SharePoint Site Collection

SharePoint Sites

Reports Server

TFS group security and permissions can be found here: http://msdn.microsoft.com/en-us/library/vstudio/ms252587.aspx

SharePoint security here: http://office.microsoft.com/en-us/sharepoint-server-help/manage-membership-of-sharepoint-groups-HA101794106.aspx?CTT=5&origin=HA101794118

Pre-defined roles for SSRS can be found here: http://msdn.microsoft.com/en-gb/library/ms157363.aspx

TFS Permissions Managed via Admin Console and Web

Permissions Limited to Team Projects

Permissions Inherited via Group Membership

SharePoint Permissions Managed via Central Admin and SharePoint Site Security

Permissions can be scoped to Collection or Site

Permissions Inherited via AD Group Membership

Reporting Permissions Managed via Reports Server Site

Permissions can be scoped to Server or Project Folders

Permissions Inherited via AD and/or SharePoint Group Membership

http://msdn.microsoft.com/en-us/library/ms253094%28v=vs.110%29.aspx

Permissions are usually* inherited from group membership.

Permissions can be allow, deny, or “not set”.

For almost all permissions, deny trumps allow.

If permissions are not explicitly set to allow, they are implicitly denied unless an allow has been

inherited via group membership (“inherited allow”).

If a user belongs to multiple groups, and ANY one group has a specific permission set to deny, that

user will not be able to perform tasks that require that permission (“inherited deny”).

TFS, TPC, and TP Administrator level permissions CANNOT be edited.

*With build, version control, and work item related artifacts, explicit permissions that are set on a particular object override those that are inherited from

the parent objects. This allows you to do things like allow a user access to a root source control folder, but deny them access to one of that folder’s

branches.

Area: Area-level permissions are specific to a single project's users and groups.

Iteration: Iteration-level permissions are specific to a single project's users and groups.

Work Item Query: Work item query permissions are specific to the queries and query folders that

you create. You can set permissions on queries and folders that are created under Team Queries to

enable or restrict access.

Build: Build-level permissions are specific to a single project's users and groups. You can set build

permissions at the team project level, and you can also set permissions for specific build definitions

(ex: locking down production deployment build scripts).

Version Control: Version control permissions are specific to source code files and folders.

Team: When a team is created, the team group is added to the TFS “Contributors” group for the

team project, by default. So when you add a team member, that person is also added to the

Contributors group by virtue of being a member of your team.

Managing TFS Templates

Managing TFS Security

Other TFS Admin Tools

Now an OOB Feature with TFS 2013

Backups up any/all TFS related databases

Nightly, Manual or Custom

Full, Differential, Transactional

Allows for TPC-level Restore

Notifications Available

TFS Power Tools: TFS extensions for managing TFS resources

and providing advanced capabilities.

CodePlex Add-Ons: community based, often authored by

Microsoft employees, not officially supported

Visual Studio Gallery: similar to CodePlex, officially supported by

Microsoft

Third-Party Plug-ins: usually free, extends TFS capabilities

TFS Power Tools:Check-in Policy Add-on PackProcess EditorBest Practices Analyzer

CodePlex/VS GalleryTFS Admin ToolTeam Project ManagerCommunity Build Manager

Third-Party ToolsAttrice Sidekicks

Other - TFS Operational Intelligence Reporting

Add-Ons

Code Analysis

Custom Path

Forbidden patterns

Work Item Queries

Found in TFS Power Tools: http://visualstudiogallery.msdn.microsoft.com/f017b10c-02b4-4d6d-9845-58a06545627f

Import/Export/Manage:

Work Item Definitions

Workflow

Form Layout

Global Lists

Open/Edit from file or server

Found in TFS Power Tools:

http://visualstudiogallery.msdn.microsoft.com/f01

7b10c-02b4-4d6d-9845-58a06545627f

Scan TFS Instance

Hardware AND Software

Detect Security Issues

Lists non-default settings

Detects non-compliance with

best practices

Recommends remediation

http://msdn.microsoft.com/en-us/library/ee248645%28v=vs.100%29.aspx

http://tfsadmin.codeplex.com/

Free TFS Analyzer Tool:View team project activities

View and edit SCM settings

View branch hierarchies

View and edit security group and settings

View and edit build templates

View and edit build definitions

Compare templates

View and edit process configuration

http://teamprojectmanager.codeplex.com/

http://visualstudiogallery.msdn.microsoft.com/73bf2d8e-aec6-406c-8e7f-1c678e46557f

Visualization and Admin Add-On for TFS:

Workspaces

Security and Permissions

Code Review

SCM History and Labels

http://www.attrice.info/

Activity LogEvery command that every user has executed against TFS for the last 14 days.

TFS Job MonitoringTFS Background Job Agent schedules and queues jobs within TFS

Total Run Time - How long jobs take to Execute

Number of Jobs Run - Number of times jobs are run and status

Average Run and Queue Time - Number of jobs executing at a particular time, average time that they waited in the queue, and average run time

Job Queue - which jobs are currently queued, their priorities and when they are expected to start.

Managing TFS Templates

Managing TFS Security

Other TFS Admin Tools

Follow recommended hardware and software guidelines: http://msdn.microsoft.com/en-us/library/dd578592.aspx

Don’t skimp on hardware if you don’t have to!

Apply all security updates. ‘Critical’ updates should be applied within

48 hours

Be on the latest TFS release

Be on the latest edition of SQL that is supported by the TFS version.

Be on Enterprise edition for high-scale environments.

Be on the latest OS release supported by the combination of SQL +

TFS

Be on the latest supported drivers for your hardware

Collect a performance baseline for a representative period of time

• Helps to identify bottlenecks

• Serves as a useful diagnostics tool in the future

• A collection over a 24 hour period on a weekday @ 1-5min intervals

to a local file should be sufficient. Don’t know which counters to

collect? Download the PAL tool and look at the “threshold files” for

“System Overview” on all your servers, “SQL Server” on your data

tier servers, and "IIS" and ".NET (ASP.NET)" for your application tier

servers.

Ensure antivirus exclusions are correct for TFS, SQL and

SharePoint (KB2636507)

Ensure firewall rules are correct

Ensure page file settings are configured for an appropriately

sized disk

Ensure memory dump settings are configured for Complete

memory dump

Don’t run SQL or TFS as a local administrator

For HA scenarios, configure 2+ application tiers in a load balanced

configuration

Ensure that SQL Page Compression is enabled for up to a 3X storage

reduction on tables other than tbl_Content (if running on SQL Enterprise or

Data Center Edition)

Check that SOAP gzip compression is enabled (vastly improved user

experience response times for work item operations)

Disable / monitor the IIS Log files so they don’t fill the drive:

%windir%\system32\inetsrv\appcmd set config -

section:system.webServer/httpLogging /dontLog:"True" /commit:apphost

Change the TFS App Pool Idle Timeouts from 20 minutes to 0 and disable

scheduled recycling to prevent app-pool recycle during business hours

Implement a TFS Proxy Server and make sure people use it

Especially impactful for build server!

Even if no users are remote it reduces the requests/sec load on the ATs

Enable SMTP settings and validate that they work (we commonly see issues

where SMTP server won’t relay as the TFD service account)

Set TFS’s NotificationJobLogLevel = 2 to get full errors for any event

notification jobs that fail

Periodically run the BPA included with the Team Foundation Server Power Tools.

Periodically review the activity log and job monitoring sections of the TFS

“Operations Interface” at http://yourserver:8080/tfs/_oi/

Check for heavy users using Execution Time reports from the Performance report

pack and tbl_Command in the TPC databases.

Check build retention policies to ensure stale build logs and results and drops are

being cleaned up.

Clean-up tbl_Content by running the Test Attachment Cleaner tool.

Clean-up unused workspaces and shelvesets. (Workspace and Shelveset sidekicks

rock for this!)

Clean-up unused work item tracking fields (witadmin listfields /unused).

Check Cube and Warehouse health using Admin report pack.

Check work item tracking metadata size, and clean up constants / global list sizes

(automatic cleanup in 2012.2). Look at the file/folder sizes in

%localappdata%\Microsoft\Team Foundation\4.0\Cache.

Evaluate work item tracking fields that are set to reportingtype=’dimension’. Do they

really need to be in the cube? If not, set them to ‘detail’

Evaluate if you have custom work item tracking fields that are used in many work

item queries and would benefit from being indexed. (witadmin indexfield /index:on).

Check tbl_EventSubscriptions for invalid email and SOAP subscriptions. Use TFS

2012 web access as an admin to view ‘All Alerts’ and delete them

Monitor disk space usage on the build agents

Monitor queue time for the builds, spin up more agents as needed

Clean up the \Builds folder on build agents to remove old workspaces

Backup the Symbols share regularly

Backup the Builds Drop folder regularly

Exclude \Builds, \Symbols, \Drop, Team Explorer Cache from Anti-virus real time scanning

TFS Build Manager Extension: http://visualstudiogallery.msdn.microsoft.com/73bf2d8e-aec6-406c-8e7f-1c678e46557f