I had the opportunity to assist a customer in their decision making process as they looked for a SharePoint security management tool. Basically, I was the middle man, which lets me get all of the sales and marketing emails, and protects the customer from getting harrassed by sales people ;) .
The customer’s requirements were simple:
- Report on all users who have access, and level of permission, to a site.
- Report on all sites a specified user has access to.
- Include details on how the user is gaining their access: direct access, SharePoint groups and/or Active Directory groups.
- Site owners had to be able to access these reports.
- Integration with SharePoint is preferred.
- Delete a user from everywhere in SharePoint, multiple web applications, site collections, etc.
- Clone user permissions to a new user.
There were some secondary “nice to haves”: activity reporting, storage/content reporting, move libraries and keep metadata.
I did some initial research and narrowed down our results to AvePoint’s DocAve and Axceler’s ControlPoint. I threw it up on Twitter as well, and got some good feedback for both sides. We then reviewed any and all materials we could find on their web sites including a recorded webinar. Funny enough both of their webinars were for SharePoint 2007 (they both said the 2010 videos are coming soon) . We liked what we saw on both, and decided to get someone on the phone for a conference call and a live demo. This is where the key decisions were made.
Both systems handled the reporting requirements and the deletion and cloning of a user well. In addition, the “nice to haves” were there as well. Like I said, requirements were simple.
The biggest difference is how they each interacted with SharePoint.
- Has a separate web interface, their enterprise management console. This utilized a separate authentication login, however did authenticate against Active Directory.
- Required agents to be installed on the SharePoint servers and would discover and index the farm on a periodic schedule.
- Reports can be pulled up on the fly or can be scheduled, but the scheduled reports had to be emailed or saved to disk.
- There was no SharePoint integration.
- Sits inside its own web application within the SharePoint farm, on an alternate port.
- Imports your sites owners as users within the application. Along with activation of a site feature, admins can access their site’s reports via a link to the Site Actions menu and Site Settings page.
- Reports are also available on the fly, or can be scheduled. The scheduled reports can be emailed, saved to a SharePoint library or saved to a SharePoint list (I loved this as we can now build some PowerPivot reports and PerformancePoint KPIs based on security!)
- Reports can pull from cache or use current live data.
Axceler’s ControlPoint’s tight SharePoint integration made it the perfect fit for our needs!
We initially installed ControlPoint on a MOSS farm, which gave us a slew of headaches (several issues around the farm configuration and the ControlPoint application). Axceler’s support team was amazing. Daily they worked with me to resolve the issues around our farm, provided new DLLs, and everything. I hate to have to call support, but when I do, it’s awesome to have a great, responsive support team available!
I look forward to using ControlPoint as we move forward with new a new farm and migrating data and users from the old to the new!