3. TFS Should Be PLANNED to ensure:
Effectiveness
Flexibility
Scalability
4. TF Server
Project
Collection 1
Team Project
C
Master team
Sub-Team 1 Sub-Team 2
Project
Collection 2
Team Project
A
Team Project
B
Web Team
Mobile Team
5. TPC = Collection of *tightly related*
Team Projects
TPC = SQL Database
Can be backed up and restored
individually
TPCs are a Hard Boundary for
Sharing and Visibility!
Create only as many TPCs as
absolutely necessary
6. No sharing of:
Work Items
Source Code
Queries
Reports
Build Controllers
Team Project Collections CANNOT be renamed*
7. TF Server
Project
Collection 1
Team Project
C
Master team
Sub-Team 1 Sub-Team 2
Project
Collection 2
Team Project
A
Team Project
B
Web Team
Mobile Team
8. Team Project <> “Project”
TP = Logical “view” of data
Team Projects Contain
1 Process Template
1 set of Roles/Permissions
1 SharePoint portal (optional)
1 Reports site (optional)
Create only as many TPs as necessary
9. TPs can be broken into “Teams”
Work Items Visible Across TPs
Source code Visible Across TPs
Reports Scoped Across TPs
Queries Scoped Across TPs
No ability to backup and restore*
http://msdn.microsoft.com/en-us/library/ee748449.aspx
10. No sharing of:
Work Item Templates and Definitions
Work Item Categories
Build Definitions
Areas and Iterations
Work Items cannot be MOVED to another Team project
Team Projects CANNOT be renamed
11. Consideration Recommendation
Codebases are being shared New or Same Team Project
Database level artifact isolation required New Team Project Collection
Organizational portfolio management needed ONE Team Project
Desire to minimize administration New or Same Team Project
Ability to easily scale due to database growth New Team Project Collection
Need to hand off code/project to client New Team Project Collection
Need a new process template or SCM (TFGit) New Team Project
12. Absolute minimum TFS administration overhead
Easy sharing of code, work items, builds, etc.
Allows for organizational portfolio management in TFS
Great in theory, complicated in practice
Very deep hierarchies of Areas and Iterations
Builds folder may get unwieldy
All users must agree on a process (not always easy)
Security can be VERY complex if isolation is required
13. TF Server
Project
Collection 1
Team Project
C
Master team
Sub-Team 1 Sub-Team 2
Project
Collection 2
Team Project
A
Team Project
B
Web Team
Mobile Team
14. Named group of users
Provides narrowed scope for
viewing work items and status
Can be used to secure access to
Team Project artifacts
Each team has their own planning
tools and views
http://msdn.microsoft.com/en-us/library/hh528603.aspx
15. Areas used to categorize
WIT
Map to Teams
Control Content on Team
Backlogs
User Defined
Securable
16. Used to Schedule WIT
Attach to Product & Sprint
Backlogs
Map to Backlogs
User Defined
Securable
17. Pros
Teams can be categorized into sub-teams
Teams are allocated their own, isolated backlogs
Cons
Teams cannot be shared across Team Projects
Teams are flat user lists
>100 users will not be loaded by Team Explorer
19. Agile, CMMI, Scrum included
Many free 3rd Party options
Customize to match YOUR process
Defines:
Who is on your team?
What can people do?
How should they do it?
http://msdn.microsoft.com/en-us/library/ms400752.aspx
22. Work Item Type Definitions
Work Item Categories
Work Item Links
Queries
Reports
Lab Settings
Build Settings
Portal Settings
Process Guidance
Source Control Settings
23. Backlog Work Item Types
Quick-Add Settings
Default Columns & Widths
Feedback Work item attributes
Work Item Categories
Meta-states
Weekend days
Work Item Colors
24. Don’t customize before using OOB first!
Yes you can customize. But SHOULD you?
Keep changes additive whenever possible
Don’t customize only at the Team Project level (or be prepared for
large consulting bills at upgrade time)
Keep a “sandbox” TPC for piloting customizations
Apply a dev process to releasing and testing customizations
Always version your changes in SCM
25.
26. Checkout template artifacts being edited
Download core template (unless change is specific to TP)
Edit template items
If editing on server using Power Tools, make sure to export change to
local copy of process template
Upload changes to sandbox Team Project and verify
Upload change to “production” Team Project and verify
Upload Process Template to TPC (overwrite existing)
Check in template
27. TFS Structure and Anatomy
Managing TFS Templates
Managing TFS Security
Other TFS Admin Tools
Configuration and Maintenance Best Practices
28. Team Foundation Server Instance
Team Foundation Server Team Collection
Team Foundation Server Team Project
Team Foundation Server Teams
Team Foundation Web Access
SharePoint Site Collection
SharePoint Sites
Reports Server
TFS group security and permissions can be found here: http://msdn.microsoft.com/en-us/library/vstudio/ms252587.aspx
SharePoint security here: http://office.microsoft.com/en-us/sharepoint-server-help/manage-membership-of-sharepoint-groups-HA101794106.aspx?CTT=5&origin=HA101794118
Pre-defined roles for SSRS can be found here: http://msdn.microsoft.com/en-gb/library/ms157363.aspx
29.
30.
31. TFS Permissions Managed via Admin Console and Web
Permissions Limited to Team Projects
Permissions Inherited via Group Membership
SharePoint Permissions Managed via Central Admin and SharePoint Site Security
Permissions can be scoped to Collection or Site
Permissions Inherited via AD Group Membership
Reporting Permissions Managed via Reports Server Site
Permissions can be scoped to Server or Project Folders
Permissions Inherited via AD and/or SharePoint Group Membership
http://msdn.microsoft.com/en-us/library/ms253094%28v=vs.110%29.aspx
32. Permissions are usually* inherited from group membership.
Permissions can be allow, deny, or “not set”.
For almost all permissions, deny trumps allow.
If permissions are not explicitly set to allow, they are implicitly denied unless an allow has been
inherited via group membership (“inherited allow”).
If a user belongs to multiple groups, and ANY one group has a specific permission set to deny, that
user will not be able to perform tasks that require that permission (“inherited deny”).
TFS, TPC, and TP Administrator level permissions CANNOT be edited.
*With build, version control, and work item related artifacts, explicit permissions that are set on a particular object override those that are inherited from
the parent objects. This allows you to do things like allow a user access to a root source control folder, but deny them access to one of that folder’s
branches.
33. Area: Area-level permissions are specific to a single project's users and groups.
Iteration: Iteration-level permissions are specific to a single project's users and groups.
Work Item Query: Work item query permissions are specific to the queries and query folders that
you create. You can set permissions on queries and folders that are created under Team Queries to
enable or restrict access.
Build: Build-level permissions are specific to a single project's users and groups. You can set build
permissions at the team project level, and you can also set permissions for specific build definitions
(ex: locking down production deployment build scripts).
Version Control: Version control permissions are specific to source code files and folders.
Team: When a team is created, the team group is added to the TFS “Contributors” group for the
team project, by default. So when you add a team member, that person is also added to the
Contributors group by virtue of being a member of your team.
36. Now an OOB Feature with TFS 2013
Backups up any/all TFS related databases
Nightly, Manual or Custom
Full, Differential, Transactional
Allows for TPC-level Restore
Notifications Available
37.
38.
39. TFS Power Tools: TFS extensions for managing TFS resources
and providing advanced capabilities.
CodePlex Add-Ons: community based, often authored by
Microsoft employees, not officially supported
Visual Studio Gallery: similar to CodePlex, officially supported by
Microsoft
Third-Party Plug-ins: usually free, extends TFS capabilities
40. TFS Power Tools:
Check-in Policy Add-on Pack
Process Editor
Best Practices Analyzer
CodePlex/VS Gallery
TFS Admin Tool
Team Project Manager
Community Build Manager
Third-Party Tools
Attrice Sidekicks
Other - TFS Operational Intelligence Reporting
41. Add-Ons
Code Analysis
Custom Path
Forbidden patterns
Work Item Queries
Found in TFS Power Tools:
http://visualstudiogallery.msdn.microsoft.com/f0
17b10c-02b4-4d6d-9845-58a06545627f
46. Free TFS Analyzer Tool:
View team project activities
View and edit SCM settings
View branch hierarchies
View and edit security group and settings
View and edit build templates
View and edit build definitions
Compare templates
View and edit process configuration
http://teamprojectmanager.codeplex.com/
49. Visualization and Admin Add-On for
TFS:
Workspaces
Security and Permissions
Code Review
SCM History and Labels
http://www.attrice.info/
50.
51. Activity Log
Every command that every user has executed against TFS for the last 14 days.
TFS Job Monitoring
TFS Background Job Agent schedules and queues jobs within TFS
Total Run Time - How long jobs take to Execute
Number of Jobs Run - Number of times jobs are run and status
Average Run and Queue Time - Number of jobs executing at a particular time, average time that they waited
in the queue, and average run time
Job Queue - which jobs are currently queued, their priorities and when they are expected to start.
55. Follow recommended hardware and software guidelines:
http://msdn.microsoft.com/en-us/library/dd578592.aspx
Don’t skimp on hardware if you don’t have to!
56. Apply all security updates. ‘Critical’ updates should be applied within
48 hours
Be on the latest TFS release
Be on the latest edition of SQL that is supported by the TFS version.
Be on Enterprise edition for high-scale environments.
Be on the latest OS release supported by the combination of SQL +
TFS
Be on the latest supported drivers for your hardware
57. Collect a performance baseline for a representative period of time
• Helps to identify bottlenecks
• Serves as a useful diagnostics tool in the future
• A collection over a 24 hour period on a weekday @ 1-5min intervals
to a local file should be sufficient. Don’t know which counters to
collect? Download the PAL tool and look at the “threshold files” for
“System Overview” on all your servers, “SQL Server” on your data
tier servers, and "IIS" and ".NET (ASP.NET)" for your application tier
servers.
58. Ensure antivirus exclusions are correct for TFS, SQL and
SharePoint (KB2636507)
Ensure firewall rules are correct
Ensure page file settings are configured for an appropriately
sized disk
Ensure memory dump settings are configured for Complete
memory dump
Don’t run SQL or TFS as a local administrator
59. For HA scenarios, configure 2+ application tiers in a load balanced
configuration
Ensure that SQL Page Compression is enabled for up to a 3X storage
reduction on tables other than tbl_Content (if running on SQL Enterprise or
Data Center Edition)
Check that SOAP gzip compression is enabled (vastly improved user
experience response times for work item operations)
Disable / monitor the IIS Log files so they don’t fill the drive:
%windir%system32inetsrvappcmd set config -
section:system.webServer/httpLogging /dontLog:"True" /commit:apphost
60. Change the TFS App Pool Idle Timeouts from 20 minutes to 0 and disable
scheduled recycling to prevent app-pool recycle during business hours
Implement a TFS Proxy Server and make sure people use it
Especially impactful for build server!
Even if no users are remote it reduces the requests/sec load on the ATs
Enable SMTP settings and validate that they work (we commonly see issues
where SMTP server won’t relay as the TFD service account)
Set TFS’s NotificationJobLogLevel = 2 to get full errors for any event
notification jobs that fail
61. Periodically run the BPA included with the Team Foundation Server Power Tools.
Periodically review the activity log and job monitoring sections of the TFS
“Operations Interface” at http://yourserver:8080/tfs/_oi/
Check for heavy users using Execution Time reports from the Performance report
pack and tbl_Command in the TPC databases.
Check build retention policies to ensure stale build logs and results and drops are
being cleaned up.
Clean-up tbl_Content by running the Test Attachment Cleaner tool.
Clean-up unused workspaces and shelvesets. (Workspace and Shelveset sidekicks
rock for this!)
62. Clean-up unused work item tracking fields (witadmin listfields /unused).
Check Cube and Warehouse health using Admin report pack.
Check work item tracking metadata size, and clean up constants / global list sizes
(automatic cleanup in 2012.2). Look at the file/folder sizes in
%localappdata%MicrosoftTeam Foundation4.0Cache.
Evaluate work item tracking fields that are set to reportingtype=’dimension’. Do they
really need to be in the cube? If not, set them to ‘detail’
Evaluate if you have custom work item tracking fields that are used in many work
item queries and would benefit from being indexed. (witadmin indexfield /index:on).
Check tbl_EventSubscriptions for invalid email and SOAP subscriptions. Use TFS
2012 web access as an admin to view ‘All Alerts’ and delete them
63. Monitor disk space usage on the build agents
Monitor queue time for the builds, spin up more agents as needed
Clean up the Builds folder on build agents to remove old workspaces
Backup the Symbols share regularly
Backup the Builds Drop folder regularly
Exclude Builds, Symbols, Drop, Team Explorer Cache from Anti-
virus real time scanning
TFS Build Manager Extension:
http://visualstudiogallery.msdn.microsoft.com/73bf2d8e-aec6-406c-
8e7f-1c678e46557f