Export (0) Print
Expand All

Design Records Center architecture

Office 2007

Updated: April 23, 2009

Applies To: Office SharePoint Server 2007

Updated: 2009-04-23

In this article:

This article provides recommendations that can help you configure and organize the logical components of a records management solution based on Microsoft Office SharePoint Server 2007 and provides guidance for configuring key features of your records management solution. For recommendations that can help you configure the physical components of your records management solution, see Design records management topology. For an overview of Office SharePoint Server 2007 records management capabilities, see Plan records management.

Plan Web applications

An Internet Information Services (IIS) Web application is a software program hosted on IIS that delivers Web-based information to the user in HTML. Web site solutions based on Office SharePoint Server 2007 are created in the context of IIS Web applications. When you initially create a Web application by using the Office SharePoint Server 2007 Central Administration site, you select a Web site template, and then a site collection containing that Web site is created. After you initially create the Web application, you can then add more site collections to it.

We recommend that you host Records Center sites on a separate Web application because so doing:

  • Helps to ensure that the records stored in the Records Center site will not be commingled with active documents in the database.

  • Ensures that the Records Center site does not inherit permissions or other security settings that might be present on existing Web applications.

  • Enables you to optimize your backup schedule to meet your records management needs.

If you require multiple Records Center sites, it is not necessary to create multiple Web applications. A single Web application can efficiently host multiple Records Center sites, each in its own site collection. For more information, see Determine the number of Records Center sites later in this article.

When you configure Web applications to host Records Center sites, consider the following general configuration recommendations:

  • Quota   A quota sets limits on how much content can be added to a site collection. Because the storage model for Records Center sites is high storage combined with low site usage, there is little benefit in applying a quota to a site collection that is used for records management. However, if you want to receive a warning as a Records Center site approaches the upper limit of its storage capacity, apply a custom quota template to the site collection hosting a Records Center site. Use a template that configures the site collection to send the site owner a warning message as the site approaches its quota. For more information about storage, see Plan databases later in this article.

  • Lock   You can lock a site collection to prevent content being added to it. In records management, locking a site collection to prevent content being added to a Records Center site is rare and primarily related to emergency maintenance, such as when a site has reached its upper limit of storage capacity.

  • Maximum upload size   A Web application has a 50 megabyte (MB) maximum upload size for any item, by default. This is also the recommended upper limit of file sizes that can be submitted to a Records Center site using the Records Center Web service.

  • Recycle Bin   The Recycle Bin is a mechanism for deleting content from a SharePoint site such as a Records Center. It is designed to protect a user from accidentally deleting items by letting the user retrieve them. You configure Recycle Bins for the sites in a Web application by using Central Administration.

    The Recycle Bin can be optionally configured in two stages. In this configuration, when a user deletes an item from a library, it goes to the site Recycle Bin. The user can either retrieve the item from the Recycle Bin or delete it. When a user deletes an item, it is sent to the second-stage Recycle Bin. Only site collection administrators have permissions to view deleted items in the second-stage Recycle Bin and permanently destroy them.

    In a records management scenario, you could configure a second-stage Recycle Bin to provide an extra layer of protection against accidental destruction of records. You could also configure the site Recycle Bin to never delete items automatically, but instead require manual deletion. If you do this, you should provide adequate memory to contain the records that will collect in the second-stage Recycle Bin.

  • Alerts   Alerts are notification messages sent by Office SharePoint Server 2007 to list or library owners when items are changed, added, or deleted. In records management, alerts provide a way for records managers to track the status of the records for which they are responsible. You configure alerts for all sites in a Web application by using Central Administration. Ensure that alerts are enabled and that you allow a high number of alerts per user.

  • Timer Jobs   Features used in records management rely on scheduled background processes. The following list describes the job title and the schedule.

    • Policy Usage Reporting Recurrent runs daily.

    • Hold Processing And Reporting runs daily.

    • Records Center Processing runs daily.

    • Search and Process runs daily.

    • Bulk workflow task processing runs daily.

    You can change the schedule of any timer job by using the Stsadm command-line tool. For more information, see Stsadm command-line tool (Office SharePoint Server).

Determine the number of Records Center sites

You implement records management in Office SharePoint Server 2007 by creating and configuring a Records Center site. You can achieve a large-scale records management solution with a single Records Center site. However, in some cases, the number of records to store might require you to split your storage over two or more Records Center sites.

When you plan how many Records Center sites to deploy, work with your IT team to determine the largest database that they can back up and restore based on your schedule requirements. In a records management solution, the content in the database is not in use and accidental deletions are very rare (and therefore database restoration is also very rare). Consider that, although a 50 gigabyte (GB) content database size limit is recommended for many Office SharePoint Server 2007 solutions, this recommendation is tailored to scenarios in which quick recovery of documents is essential. In different scenarios, much larger database deployments may be achieved. For example, see the following blog article on MSDN: How large for a single SharePoint content database? (http://go.microsoft.com/fwlink/?LinkId=86920&clcid=0x409).

You can associate a separate content database with each site collection in a Web application, but not with separate sites within a site collection. Therefore, to associate separate content databases with each Records Center site, create each Records Center site in a separate site collection.

If your records management solution requires multiple Records Center sites, consider first creating a custom site template that is based on the Records Center site template. The custom site template should contain the following elements: information management policies, content type definitions, and column definitions required for your organization's records management solution. The custom site template enables you to easily share these elements across site collections. For more information about creating custom templates, see the Windows SharePoint Services 3.0 Software Development Kit (http://go.microsoft.com/fwlink/?LinkId=86923&clcid=0x409).

NoteNote:

A Office SharePoint Server 2007 farm can point to a single target Records Center site as the location to which to send records from sites in that farm. If a farm hosting active documents must point to multiple Records Center sites, you must use the Windows SharePoint Services 3.0 object model to implement a custom router in the target Records Center site to route incoming records to the appropriate destination Records Center site. To do this for your custom solution, you must modify the record routing table in the target Records Center site to pass a record submission request to the appropriate Records Center site. For a full description of programming the Windows SharePoint Services 3.0 object model, including programming a Records Center site, see the Office SharePoint Server 2007 Software Development Kit (http://go.microsoft.com/fwlink/?LinkId=71218&clcid=0x409).

For more information about database storage planning, see Plan for performance and capacity (Office SharePoint Server). For information about planning large-scale content repositories, see Plan enterprise content storage.

Plan databases

A Records Center site must be able to store a large number of items. Because the site is acting as a vault or archive, user interactions with the stored items and with the site are typically minimal. Therefore, databases for records management generally should be planned to maximize storage and security at the expense of site performance.

Planning to back up and recover databases used for records management also requires special consideration. In records management, the goal is usually to retain records for a length of time based on business or statutory needs and then delete them. The goal in backing up Records Center sites is to guard against accidental deletion of records and to provide a way to recover from a site disaster, such as from an attack that uses malicious code. The goal is not to preserve another copy of the site's content. Backup copies of records could inadvertently be retained longer than the records themselves, which can possibly make the copies liable to discovery.

As described in the previous section, plan to associate a separate content database with each Records Center site and create each Records Center site in a separate site collection. After determining the number of Records Center sites you need, work with your IT department to determine, for each Records Center site:

  • What size the content database will be. The more content you need to back up, the longer it takes to run a backup.

  • How often you will back up the content database. How often to back up the content database depends on the types of records you are retaining, the frequency with which records are added to the Records Center site, and the availability of your IT team to run the backup operations.

  • What the service window is for restoring Records Center content. This is the amount of time in which your IT team can respond to a crisis and restore data, based on the latest backup. The size of the service window is dependent on the amount of data to restore, which in turn is related to the size of the content database. To determine the appropriate service window for restoring content, you must balance how quickly you want to be able to restore data and how much data you want to store.

Integrate other features into a Records Center site

Use the Records Center site template for creating records sites in Office SharePoint Server 2007. Although the Records Center site template provides a full-featured records management solution, your records management goals might require that you enhance the default records management solution by adding other Office SharePoint Server 2007 features to it. Typical customizations include:

  • Displaying metrics from the Records Center site. Records Center data can be displayed in Microsoft Office Excel 2007 spreadsheets, rendered in individual Key Performance Indicator (KPI) Web parts, or aggregated into a dashboard in the site. Depending on how you configure security, you can limit the availability of this information to records managers, or you can let information workers use this data to view the status of records that they have submitted. For more information about business information integration in Office SharePoint Server 2007, see Plan for business intelligence.

  • Displaying policies. By using lists and Web Parts, you can add documentation to your Records Center home page that describes the policies in place in the Records Center, metrics about policy usage, and other information to make the intended use of — and restrictions on — the site more transparent. For more information about Web page customization, see the Office SharePoint Server 2007 Help system, the Microsoft Office SharePoint Designer 2007 documentation, and the Office SharePoint Server 2007 Software Development Kit (http://go.microsoft.com/fwlink/?LinkId=71218&clcid=0x409).

  • Integrating forms, search, and workflows for physical records management. A physical records storage and management solution is also an inventory tracking solution, because a correlation must be kept between the lists that track items in the Records Center site and the actual physical items that the list items represent. By using forms to search for and request the retrieval of physical records and by using workflows to assign the task of retrieving the records, you can implement a solution that spans the needs of physical and electronic record keeping. For more information, see the following white paper that describes an implementation of such a physical records management solution at Microsoft: Streamlining Records Management Using SharePoint Server 2007 Workflow (http://go.microsoft.com/fwlink/?LinkID=80869&clcid=0x409).

For information about using the Records Center site template, see Design the Records Center site (Office SharePoint Server).

Plan security

To help ensure the safety and immutability of the records you are storing, carefully plan the security configuration for your Records Center sites. You should also consider documenting your security strategy and implementation so that, if needed, you can present the measures you took to secure your records.

General steps to secure your records management solution

Design your server farm and the Web application that contains your Records Center sites to be as secure as possible. For example, it is highly unlikely that you would want to permit access to a Web application that hosts Records Center sites through the Internet security zone, which allows anonymous access.

Carefully review the Office SharePoint Server 2007 security documentation in the chapter Plan server farm security (Office SharePoint Server) and work with your IT team to help ensure that you implement appropriate security for your records management solution. That chapter contains useful security-related guidance including:

  • Hardening Web servers and database servers.

  • Securing communications.

  • Topology design checklist.

NoteNote:

Do not configure the Web application on which the Records Center site is running to use forms authentication. Doing this will require that you enable anonymous submissions to the Records Center site.

Configure permissions in the Records Center sites

In the Office SharePoint Server 2007 security model, individual permissions, such as the permission to add items to a document library, are grouped into permission levels, which authorize users with that permission level to perform sets of related actions, such as contributing content to a site. You can assign permission levels to named groups of users or directly to individual users. When users or groups are associated with securable objects, such as lists, libraries, list items, documents, or sites, their default permission level applies to that object, or you can change their permission level for that object. Office SharePoint Server 2007 includes a set of default permission levels. You can view and change permission levels for a site collection by using the Advanced permissions link on the Site Settings page. For a full description of the Office SharePoint Server 2007 security model, see Plan for and design security (Office SharePoint Server).

The following table lists the default groups and permission levels for Records Center sites.

Group Permission Level

Records Center Web Service Submitters

Limited Access

Members

Contribute

Owners

Full Control

Visitors

Read

Viewers

View Only

The Records Center Web Service Submitters group, which has the Add Items permission on the Records Center site, is intended to grant limited access to users that submit records from other server farms. For each Web application from which records will be submitted, you must add the domain accounts under which the application pools are running for that Web application to the Records Center Web Service Submitters group. When users submit records from those Web applications, this is the account under which the records will be submitted to the Records Center site. Note that users that submit records do not need to be part of any group in the site collection containing the Records Center site.

If you plan to change default permission levels or add custom groups, consider the permissions that are required to perform records management tasks. The tasks and required permissions are listed in the following table.

This task Requires this permission On this securable object

Submit to Records Center site

Edit Items

Add Items

Source site

Records Center site

Call the Records Repository Web Service

Add Items

Records Center site

Manage records

Edit Items

Records Center site

Create record series entries

Edit Items

Record Routing list

Create holds

Add Items

Holds list

Manage and release holds

Edit Items

View Items

File that is on hold

Holds list

View records in search results

View Items.

Records Center site

Additionally, consider the following when you configure permissions in the Records Center site:

  • In general, only give records managers and legal team members Edit Items permissions to content on the Records Center site. For sensitive content, you can limit the set of users with Edit Items permissions by assigning them permissions at the document library, folder, or even list item level. For example, a particularly sensitive document could have a single records manager assigned to manage it.

  • Because the Holds list might contain very sensitive information, limit the set of users of the Holds list to team members who can create holds and team members who can put items on hold.

  • The Records Center site includes a unique permission level, Records Center Submission Completion, which is automatically granted (temporarily) to users to allow them to fill in missing records metadata.

Maximizing vault behavior

You should configure the document libraries in a Records Center site to maximize the libraries' vault behavior, in which you protect against accidental deletion or modification of records. Maximizing vault behavior includes the following actions:

  • Requiring that documents are checked in and checked out.

  • Creating major and minor versions of documents and giving no one the Delete Versions permission level.

  • Not limiting the number of versions to retain.

  • Enabling auditing.

  • Auditing all events.

For an overview of versioning and other document management settings, see Plan versioning, content approval, and check-outs. For a description of the auditing information management policy, see Plan information management policies.

Plan e-mail settings

You should plan to configure your Web applications that host Records Center sites to support outgoing e-mail. Many records management scenarios are enabled by integrating e-mail with the Records Center site. The following list describes common examples of these scenarios.

  • Alerts can be configured so an e-mail message is sent when a record changes or is added.

  • Workflows can be configured to integrate with e-mail so that users are notified of impending workflow tasks via e-mail messages.

  • When a new user is added to the site, an e-mail message can be sent to the user with a link to the site and other information about the site.

If your records management solution includes integration with Microsoft Exchange 2007, you should also configure the Web applications to support incoming e-mail. For more information, see Plan e-mail message records retention. However, if you enable incoming e-mail, do not configure libraries used for records management to accept incoming messages. Records should not be sent directly to a library by using e-mail.

For more information about configuring e-mail integration with Office SharePoint Server 2007, see the following resources:

Plan for logging and reports

Logging and reporting features help records managers track changes to records in Records Center sites and also provide evidence of policy usage in a Records Center site. The following list describes the logging and reporting features included in Office SharePoint Server 2007.

  • Audit logs   The auditing feature logs events and operations performed on documents and list items, such as editing a document or item, checking in or checking out a document or item, and changing permissions on a document or item. You can also use the auditing object model to write custom events to the audit log. For more information, see the Office SharePoint Server 2007 Software Development Kit (http://go.microsoft.com/fwlink/?LinkId=71218&clcid=0x409).

    In records management, use auditing to help protect the security of your Records Center sites. You can configure auditing as part of an information management policy that you apply to a list or document library, or you can configure auditing to audit events across the entire site collection.

    The auditing data for a site collection is stored in the SQL database. You can dynamically generate reports based on auditing data. To do this, on the Site Settings page for the site collection, in the Site Collection Administration section, click Audit log reports. You can view and interact with the reports in Office Excel 2007. Reports include:

    • Content modifications   Shows all events that modified content in the site.

    • Deletion   Shows all events that caused content in the site to be deleted.

    • Security settings   Shows all events that change the site's security settings.

    By using the Windows SharePoint Services 3.0 object model, you can also generate custom reports, which will be listed in addition to the default reports on the View Auditing Reports page.

  • Information management policy usage reports   To track policy usage in a site collection and to gather a record of policy usage for compliance verification, you can configure information management policy usage reports in Central Administration. The reports are generated as XML files that can be viewed in Office Excel 2007 or used as input to a custom solution. You can specify the library in your site in which the reports should be stored, the recurring schedule for creating reports, and you can optionally provide an alternative report template. You can view information management policy usage reports in the same way that you view audit log reports. (On the Site Settings page for the site collection, in the Site Collection Administration section, click Audit log reports.)

Plan for search

Search is a primary tool of records management. For example, if you want to implement a hold in which one or more items' expiration policies are suspended due to litigation or another contingency, you must first locate the items. Because the folder structure of Records Center sites is not conducive to browsing, and because items to place on hold can be distributed in multiple libraries and lists in one or more Records Center sites, the most effective way to locate items is by using search.

Considerations for search in a records management context include:

  • Determining the Shared Services Providers (SSPs).

  • Planning indexing.

  • Planning metadata search.

  • Managing search scopes.

Determine the SSP

An SSP is a logical grouping of shared services and their supporting resources. SSPs can share services across server farms. One of the services that an SSP can provide is indexing content and metadata. In Office SharePoint Server 2007, this is provided by the Office SharePoint Server Search service.

Work with your search administrators to ensure that one or more unique SSPs are available to index the content in your Records Center sites. By indexing Records Center content using dedicated SSPs, you help secure records from unwanted exposure to those users who do not have permissions to view or use the records.

NoteNote:

Even if you use a common or shared SSP, document security is still respected on a per-item basis based on users' permissions to access the content.

Plan indexing

An IFilter enables the Office SharePoint Server Search service to index a particular type of file, such as a Microsoft Office Word 2007 .docx file. Be sure that your search administrators know which types of records are managed in your Records Center sites, that the appropriate file types are enabled for indexing, and that IFilters are in place for indexing the various types of records. (The Office SharePoint Server Search service includes IFilters for common file types.)

NoteNote:

Documents of the same type that are produced by different versions of an application can require different IFilters. Be aware of the versions in use in your organization and communicate this information to your search administrators.

Plan metadata search

Work with your search administrators to manage metadata properties. Some metadata properties should be associated with each other for searching because they contain the same type of information. For example, if your Records Center sites contain both e-mail message records and document records, a search for content created by a particular person should treat the "From" field in e-mail and the "Author" field in documents as equivalent metadata items.

Manage search scopes

A search scope limits the range of a search based on the locations to search, metadata restrictions, or other criteria. One or more search scopes can be associated with the search user interface so that users can narrow the search range. In records management scenarios, it might be useful to define search scopes based on type of record, the identity of the records manager conducting the search, or other records-related criteria. Work with your search administrator to analyze your records storage and determine the best way to define search scopes for your records management solution.

Download this book

This topic is included in the following downloadable book for easier reading and printing:

See the full list of available books at Downloadable books for Office SharePoint Server 2007.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft