TFS 2013 Care and Feeding
-
Upload
angela-dugan -
Category
Technology
-
view
1.213 -
download
0
description
Transcript of TFS 2013 Care and Feeding
Being Ready for the Long Haul
Angela Dugan
ALM Practice Manager
Polaris Solutions
Managing TFS Templates
Managing TFS Security
Other TFS Admin Tools
TFS Should Be PLANNED to ensure:
Effectiveness
Flexibility
Scalability
TF Server
Project Collection 1
Team Project C
Master team
Sub-Team 1 Sub-Team 2
Project Collection 2
Team Project A
Team Project B
Web TeamMobile Team
TPC = Collection of *tightly related* Team Projects
TPC = SQL Database
Can be backed up and restored individually
TPCs are a Hard Boundary for Sharing and Visibility!
Create only as many TPCs as absolutely necessary
No sharing of:
Work Items
Source Code
Queries
Reports
Build Controllers
Team Project Collections CANNOT be renamed*
TF Server
Project Collection 1
Team Project C
Master team
Sub-Team 1 Sub-Team 2
Project Collection 2
Team Project A
Team Project B
Web TeamMobile Team
Team Project <> “Project”
TP = Logical “view” of data
Team Projects Contain
1 Process Template
1 set of Roles/Permissions
1 SharePoint portal (optional)
1 Reports site (optional)
Create only as many TPs as necessary
TPs can be broken into “Teams”
Work Items Visible Across TPs
Source code Visible Across TPs
Reports Scoped Across TPs
Queries Scoped Across TPs
No ability to backup and restore*
http://msdn.microsoft.com/en-us/library/ee748449.aspx
No sharing of:
Work Item Templates and Definitions
Work Item Categories
Build Definitions
Areas and Iterations
Work Items cannot be MOVED to another Team project
Team Projects CANNOT be renamed
Consideration Recommendation
Codebases are being shared New or Same Team Project
Database level artifact isolation required New Team Project Collection
Organizational portfolio management needed ONE Team Project
Desire to minimize administration New or Same Team Project
Ability to easily scale due to database growth New Team Project Collection
Need to hand off code/project to client New Team Project Collection
Need a new process template or SCM (TFGit) New Team Project
Absolute minimum TFS administration overhead
Easy sharing of code, work items, builds, etc.
Allows for organizational portfolio management in TFS
Great in theory, complicated in practiceVery deep hierarchies of Areas and Iterations
Builds folder may get unwieldy
All users must agree on a process (not always easy)
Security can be VERY complex if isolation is required
TF Server
Project Collection 1
Team Project C
Master team
Sub-Team 1 Sub-Team 2
Project Collection 2
Team Project A
Team Project B
Web TeamMobile Team
Named group of users
Provides narrowed scope for viewing work items and status
Can be used to secure access to Team Project artifacts
Each team has their own planning tools and views
http://msdn.microsoft.com/en-us/library/hh528603.aspx
Areas used to categorize
WIT
Map to Teams
Control Content on Team
Backlogs
User Defined
Securable
Used to Schedule WIT
Attach to Product & Sprint
Backlogs
Map to Backlogs
User Defined
Securable
Pros
Teams can be categorized into sub-teams
Teams are allocated their own, isolated backlogs
Cons
Teams cannot be shared across Team Projects
Teams are flat user lists
>100 users will not be loaded by Team Explorer
Managing TFS Templates
Managing TFS Security
Other TFS Admin Tools
Agile, CMMI, Scrum included
Many free 3rd Party options
Customize to match YOUR process
Defines:Who is on your team?
What can people do?
How should they do it?
http://msdn.microsoft.com/en-us/library/ms400752.aspx
Behind the scenes it’s just a bunch of XML
Work Item Type Definitions
Work Item Categories
Work Item Links
Queries
Reports
Lab Settings
Build Settings
Portal Settings
Process Guidance
Source Control Settings
Backlog Work Item Types
Quick-Add Settings
Default Columns & Widths
Feedback Work item attributes
Work Item Categories
Meta-states
Weekend days
Work Item Colors
Don’t customize before using OOB first!
Yes you can customize. But SHOULD you?
Keep changes additive whenever possible
Don’t customize only at the Team Project level (or be prepared for large consulting bills at upgrade time)
Keep a “sandbox” TPC for piloting customizations
Apply a dev process to releasing and testing customizations
Always version your changes in SCM
Checkout template artifacts being edited
Download core template (unless change is specific to TP)
Edit template itemsIf editing on server using Power Tools, make sure to export change to local copy of process template
Upload changes to sandbox Team Project and verify
Upload change to “production” Team Project and verify
Upload Process Template to TPC (overwrite existing)
Check in template
TFS Structure and Anatomy
Managing TFS Templates
Managing TFS Security
Other TFS Admin Tools
Configuration and Maintenance Best Practices
Team Foundation Server Instance
Team Foundation Server Team Collection
Team Foundation Server Team Project
Team Foundation Server Teams
Team Foundation Web Access
SharePoint Site Collection
SharePoint Sites
Reports Server
TFS group security and permissions can be found here: http://msdn.microsoft.com/en-us/library/vstudio/ms252587.aspx
SharePoint security here: http://office.microsoft.com/en-us/sharepoint-server-help/manage-membership-of-sharepoint-groups-HA101794106.aspx?CTT=5&origin=HA101794118
Pre-defined roles for SSRS can be found here: http://msdn.microsoft.com/en-gb/library/ms157363.aspx
TFS Permissions Managed via Admin Console and Web
Permissions Limited to Team Projects
Permissions Inherited via Group Membership
SharePoint Permissions Managed via Central Admin and SharePoint Site Security
Permissions can be scoped to Collection or Site
Permissions Inherited via AD Group Membership
Reporting Permissions Managed via Reports Server Site
Permissions can be scoped to Server or Project Folders
Permissions Inherited via AD and/or SharePoint Group Membership
http://msdn.microsoft.com/en-us/library/ms253094%28v=vs.110%29.aspx
Permissions are usually* inherited from group membership.
Permissions can be allow, deny, or “not set”.
For almost all permissions, deny trumps allow.
If permissions are not explicitly set to allow, they are implicitly denied unless an allow has been
inherited via group membership (“inherited allow”).
If a user belongs to multiple groups, and ANY one group has a specific permission set to deny, that
user will not be able to perform tasks that require that permission (“inherited deny”).
TFS, TPC, and TP Administrator level permissions CANNOT be edited.
*With build, version control, and work item related artifacts, explicit permissions that are set on a particular object override those that are inherited from
the parent objects. This allows you to do things like allow a user access to a root source control folder, but deny them access to one of that folder’s
branches.
Area: Area-level permissions are specific to a single project's users and groups.
Iteration: Iteration-level permissions are specific to a single project's users and groups.
Work Item Query: Work item query permissions are specific to the queries and query folders that
you create. You can set permissions on queries and folders that are created under Team Queries to
enable or restrict access.
Build: Build-level permissions are specific to a single project's users and groups. You can set build
permissions at the team project level, and you can also set permissions for specific build definitions
(ex: locking down production deployment build scripts).
Version Control: Version control permissions are specific to source code files and folders.
Team: When a team is created, the team group is added to the TFS “Contributors” group for the
team project, by default. So when you add a team member, that person is also added to the
Contributors group by virtue of being a member of your team.
Managing TFS Templates
Managing TFS Security
Other TFS Admin Tools
Now an OOB Feature with TFS 2013
Backups up any/all TFS related databases
Nightly, Manual or Custom
Full, Differential, Transactional
Allows for TPC-level Restore
Notifications Available
TFS Power Tools: TFS extensions for managing TFS resources
and providing advanced capabilities.
CodePlex Add-Ons: community based, often authored by
Microsoft employees, not officially supported
Visual Studio Gallery: similar to CodePlex, officially supported by
Microsoft
Third-Party Plug-ins: usually free, extends TFS capabilities
TFS Power Tools:Check-in Policy Add-on PackProcess EditorBest Practices Analyzer
CodePlex/VS GalleryTFS Admin ToolTeam Project ManagerCommunity Build Manager
Third-Party ToolsAttrice Sidekicks
Other - TFS Operational Intelligence Reporting
Add-Ons
Code Analysis
Custom Path
Forbidden patterns
Work Item Queries
Found in TFS Power Tools: http://visualstudiogallery.msdn.microsoft.com/f017b10c-02b4-4d6d-9845-58a06545627f
Import/Export/Manage:
Work Item Definitions
Workflow
Form Layout
Global Lists
Open/Edit from file or server
Found in TFS Power Tools:
http://visualstudiogallery.msdn.microsoft.com/f01
7b10c-02b4-4d6d-9845-58a06545627f
Scan TFS Instance
Hardware AND Software
Detect Security Issues
Lists non-default settings
Detects non-compliance with
best practices
Recommends remediation
http://msdn.microsoft.com/en-us/library/ee248645%28v=vs.100%29.aspx
http://tfsadmin.codeplex.com/
Free TFS Analyzer Tool:View team project activities
View and edit SCM settings
View branch hierarchies
View and edit security group and settings
View and edit build templates
View and edit build definitions
Compare templates
View and edit process configuration
http://teamprojectmanager.codeplex.com/
http://visualstudiogallery.msdn.microsoft.com/73bf2d8e-aec6-406c-8e7f-1c678e46557f
Visualization and Admin Add-On for TFS:
Workspaces
Security and Permissions
Code Review
SCM History and Labels
http://www.attrice.info/
Activity LogEvery command that every user has executed against TFS for the last 14 days.
TFS Job MonitoringTFS Background Job Agent schedules and queues jobs within TFS
Total Run Time - How long jobs take to Execute
Number of Jobs Run - Number of times jobs are run and status
Average Run and Queue Time - Number of jobs executing at a particular time, average time that they waited in the queue, and average run time
Job Queue - which jobs are currently queued, their priorities and when they are expected to start.
Managing TFS Templates
Managing TFS Security
Other TFS Admin Tools
Follow recommended hardware and software guidelines: http://msdn.microsoft.com/en-us/library/dd578592.aspx
Don’t skimp on hardware if you don’t have to!
Apply all security updates. ‘Critical’ updates should be applied within
48 hours
Be on the latest TFS release
Be on the latest edition of SQL that is supported by the TFS version.
Be on Enterprise edition for high-scale environments.
Be on the latest OS release supported by the combination of SQL +
TFS
Be on the latest supported drivers for your hardware
Collect a performance baseline for a representative period of time
• Helps to identify bottlenecks
• Serves as a useful diagnostics tool in the future
• A collection over a 24 hour period on a weekday @ 1-5min intervals
to a local file should be sufficient. Don’t know which counters to
collect? Download the PAL tool and look at the “threshold files” for
“System Overview” on all your servers, “SQL Server” on your data
tier servers, and "IIS" and ".NET (ASP.NET)" for your application tier
servers.
Ensure antivirus exclusions are correct for TFS, SQL and
SharePoint (KB2636507)
Ensure firewall rules are correct
Ensure page file settings are configured for an appropriately
sized disk
Ensure memory dump settings are configured for Complete
memory dump
Don’t run SQL or TFS as a local administrator
For HA scenarios, configure 2+ application tiers in a load balanced
configuration
Ensure that SQL Page Compression is enabled for up to a 3X storage
reduction on tables other than tbl_Content (if running on SQL Enterprise or
Data Center Edition)
Check that SOAP gzip compression is enabled (vastly improved user
experience response times for work item operations)
Disable / monitor the IIS Log files so they don’t fill the drive:
%windir%\system32\inetsrv\appcmd set config -
section:system.webServer/httpLogging /dontLog:"True" /commit:apphost
Change the TFS App Pool Idle Timeouts from 20 minutes to 0 and disable
scheduled recycling to prevent app-pool recycle during business hours
Implement a TFS Proxy Server and make sure people use it
Especially impactful for build server!
Even if no users are remote it reduces the requests/sec load on the ATs
Enable SMTP settings and validate that they work (we commonly see issues
where SMTP server won’t relay as the TFD service account)
Set TFS’s NotificationJobLogLevel = 2 to get full errors for any event
notification jobs that fail
Periodically run the BPA included with the Team Foundation Server Power Tools.
Periodically review the activity log and job monitoring sections of the TFS
“Operations Interface” at http://yourserver:8080/tfs/_oi/
Check for heavy users using Execution Time reports from the Performance report
pack and tbl_Command in the TPC databases.
Check build retention policies to ensure stale build logs and results and drops are
being cleaned up.
Clean-up tbl_Content by running the Test Attachment Cleaner tool.
Clean-up unused workspaces and shelvesets. (Workspace and Shelveset sidekicks
rock for this!)
Clean-up unused work item tracking fields (witadmin listfields /unused).
Check Cube and Warehouse health using Admin report pack.
Check work item tracking metadata size, and clean up constants / global list sizes
(automatic cleanup in 2012.2). Look at the file/folder sizes in
%localappdata%\Microsoft\Team Foundation\4.0\Cache.
Evaluate work item tracking fields that are set to reportingtype=’dimension’. Do they
really need to be in the cube? If not, set them to ‘detail’
Evaluate if you have custom work item tracking fields that are used in many work
item queries and would benefit from being indexed. (witadmin indexfield /index:on).
Check tbl_EventSubscriptions for invalid email and SOAP subscriptions. Use TFS
2012 web access as an admin to view ‘All Alerts’ and delete them
Monitor disk space usage on the build agents
Monitor queue time for the builds, spin up more agents as needed
Clean up the \Builds folder on build agents to remove old workspaces
Backup the Symbols share regularly
Backup the Builds Drop folder regularly
Exclude \Builds, \Symbols, \Drop, Team Explorer Cache from Anti-virus real time scanning
TFS Build Manager Extension: http://visualstudiogallery.msdn.microsoft.com/73bf2d8e-aec6-406c-8e7f-1c678e46557f