Site Collections Test

SharePoint Site Collection, just as the name implies, is a collection of SharePoint Sites. Each site collection contains a single top-level site and subsites below it. Each site collection has its unique site columns (metadata), navigation, permissions (security groups), site templates, branding, etc.

Typically, server resources such as CPU and RAM are allocated to an Office 365 tenant as a whole based on the number of user licenses; these resources are then shared by all site collections in the tenant. This means that there is the danger of a single site collection exhausting the resources across the tenancy. To avoid this, organizations that have customized site collections or sandboxed solutions use resource quotas. By applying resource quotas to specific collections, administrators can ensure that custom code running in specific site collections does not deplete all server resources assigned to the tenancy.

Like CPU and RAM, storage resources are also allocated to a tenant based on the number of user licenses associated with that tenancy. This storage can then be allocated to the site collections in one of the following ways:

  • Automatically, using pooled storage
  • Manually, by explicitly configuring storage allocations on a per-site collection basis

The pooled storage model allows SharePoint Online to manage storage automatically rather than storage management being a task performed manually by an administrator. Site collections automatically draw the storage resources from the pool as and when they need it, up to a maximum of 25 TB per collection.

On the other hand, if you prefer to fine tune the storage space allocated to each site collection, you can set your storage management option to "manual" and specify individual site collection storage limits.

Regardless of what resource (whether CPU, memory, or storage) is managed and how it is managed (whether automatically or manually), the goal is to ensure that all site collections have the resources they need at their disposal at all times! A resource contention will not only impact the performance of sites in the collection, but also that of the web applications they support. This is why, it is imperative that administrators track the resource usage of each site collection closely, proactively detect resource contentions, accurately isolate the contentious resource and the site collection that is impacted, and promptly fine-tune the resource allocation, before performance suffers. This is exactly what the Site Collections Test does!

This test monitors the status, composition (count of subsites), resource allocations, and resource usage of each site collection, and promptly alerts administrators to inactive collections and those that are consuming resources excessively. This way, the test accurately pinpoints the site collections that may exhaust their resource quota/allocation soon, thereby prompting administrators to rapidly right-size the collections. Additionally, the test also reports whether/not a site collection is locked, with detailed diagnostics revealing the type of lock applied (read-only, no access, etc.). When users complain that they are unable to access their site collection or add content to it, this information will enable administrators to figure out why. The count of external users accessing each site collection and the details of these users are also provided, so that administrators can easily perform security audits on accesses to a site collection.

Target of the test : Microsoft SharePoint Online

Agent deploying the test : A remote agent

Outputs of the test : One set of results for each site collection

First-level descriptor: Site collection URL

Configurable parameters for the test
Parameters Description

Test period

How often should the test be executed

Host

The host for which the test is to be configured. By default, this is portal.office.com

Tenant Name

This parameter applies only if you want the eG agent to use Azure AD Certificate-based Authentication for accessing and monitoring an O365 tenant and its resources.

Azure AD certificate-based authentication (CBA) enables customers to allow or require users to authenticate with X.509 certificates against their Azure Active Directory (Azure AD) for applications and browser sign-in. When monitoring highly secure Office 365 environments, you can configure the eG agent to identify itself to a tenant using a valid X.509 certificate, so that it is allowed secure access to the tenant and its resources.

By default, the value of this parameter is none. This means that, by default, the eG agent does not use certificate-based authentication to connect to an O365 tenant.

On the other hand, if you want the eG agent to use this modern authentication technique to securely access a tenant's resources, you should do the following:

  1. Enable Azure AD Certificate-based authentication for the target O365 tenant; this can be achieved manually, via the Office 365 portal, or automatically, using Powershell scripts we provide. For the manual procedure, refer to Manually Enabling Certificate-based Authentication For an Office 365 Tenantunder Microsoft Office 365. For the automatic procedure, refer to Automatically Fulfilling Pre-requisites in a Modern Authentication-Enabled Environmentunder Microsoft Office 365.

    When enabling certificate-based authentication, an X.509 certificate will be generated for the target tenant.

  2. Configure the Tenant Name parameter with the name of the tenant for which certificate-based authentication is enabled. Using the tenant name, the eG agent will be able to read the details of the X.509 certificate that is generated for that tenant, and use that certificate to access that tenant's resources. To determine the tenant name, do the following:

    • Log in to the Microsoft 365 Admin Center as an administrator.

    • Under Setup, click on Domains.

    • Find a domain that ends with .onmicrosoft.com - this is your Microsoft O365 tenant name.

O365 User Name, O365 Password, and Confirm Password

These parameters need to be configured only if the Tenant Name parameter is set to none. On the other hand, if a valid Tenant Name is configured, then you should set these parameters to none .

For execution, this test requires the privileges of an O365 user who has been assigned theService support admin and SharePoint admin roles and is vested with the View-Only Audit Logs permission. Configure the credentials of such a user against O365 User Name and O365 Password text boxes. Confirm the password by retyping it in the Confirm Password text box.

While you can use the credentials of any existing O365 user with the aforesaid privileges, it is recommended that you create a special user for monitoring purposes using the Office 365 portal and use the credentials of that user here. To know how to create a new user using the Office 365 portal and assign the required privileges to that user, refer to Creating a New User in the Office 365 Portal under Microsoft Office 365 . You can also use eG's proprietary PowerShell script to automatically create a new user, or assign the required privileges to an existing user. To know how to use this script, refer to theAutomatically Fulfilling Pre-requisites in a Basic Authentication-Enabled Environmenttopicunder Microsoft Office 365 .

O365 Domain

This parameter needs to be configured only if the Tenant Name parameter is set to none. On the other hand, if a valid Tenant Name is configured, then you should set this parameter to none .

To have a personalized business email address, team site address, or even an account name, you set up a domain name with Office 365. A domain is a unique name that appears after the @ sign in email addresses, and after www. in web addresses. It typically takes the form of your organization's name and a standard Internet suffix, such as yourbusiness.com or stateuniversity.edu. Office 365 gives you an initial domain name to use. By default, this will be of the format: *.onmicrosoft.com - eg., abc.onmicrosoft.com. To enable this test to pull metrics, you need to configure the test with the name of this initial domain. Therefore, configure the O365 Domain parameter with the name of the initial domain. To know what is your Office 365 initial domain name, do the following:

  1. Log on to the Microsoft Office 365 Online Portal using an administrative account.
  2. Under Management, click on Domains.
  3. The initial domain should be listed with a name ending with .onmicrosoft.com.

Domain, Domain User Name, Domain Password, and Confirm Password

These parameters are applicable only if the eG agent needs to communicate with the Office 365 portal via a Proxy server.

In this case, in the Domain text box, specify the name of the Windows domain to which the eG agent host belongs. In the Domain User Name text box, mention the name of a valid domain user with login rights to the eG agent host. Provide the password of that user in the Domain Password text box and confirm that password by retyping it in the Confirm Password text box.

On the other hand, if the eG agent is not behind a Proxy server, then you need not disturb the default setting of these parameters. By default, these parameters are set to none.

Proxy Host, Proxy Port, Proxy User Name, and Proxy Password

These parameters are applicable only if the eG agent needs to communicate with the Office 365 portal via a Proxy server.

In this case, provide the IP/host name and port number of the Proxy server that the eG agent should use in the Proxy Host and Proxy Port parameters, respectively.

If the Proxy server requires authentication, then specify the credentials of a valid Proxy user against the Proxy User Name and Proxy Password text boxes. Confirm that password by retyping it in the Confirm Password text box. If the Proxy server does not require authentication, then specify none against the Proxy User Name, Proxy Password, and Confirm Password text boxes.

On the other hand, if the eG agent is not behind a Proxy server, then you need not disturb the default setting of any of the Proxy-related parameters. By default, these parameters are set to none.

DD Frequency

Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 2:1. This indicates that, by default, detailed measures will be generated every second time the test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD Frequency.

Detailed Diagnosis

To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enabled/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

Status

Indicates the current status of this site collection.

The values that this measure can report and their corresponding numeric values are listed in the table below:

Measure Value Numeric Value
Active 1
Inactive 0

Note:

By default, this measure reports the Measure Values in the table above to indicate the status of a site collection. In the graph of this measure however, the same is indicated using the numeric equivalents only.

Webs count

Indicates the number of sites in this site collection.

Number

Storage quota limit

Indicates the maximum storage space allocated to this site collection.

GB

Storage used

Indicates the percent usage of the storage resources allocated to this collection.

Percent

If the value of this measure is close to 100%, it implies that the site collection is about to exhaust the allocated storage resources. You may want to allocate more resources to such a collection, in this case, so that the performance of sites in that collection do not deteriorate.

Current resource usage

Indicates the number of server resources currently utilized by this site collection.

Number

If the value of this measure is close to the value of the Resource quota limit measure for a site collection, it implies that the site collection is consistently over-utilizing its resources and may run out of server resources very shortly. In such a case, you may want to consider fine-tuning the Resource quota of that site collect

Average resource usage

Indicates the average number of server resources utilized by this site collection.

Number

If the value of this measure is close to the value of the Resource quota limit measure for a site collection, it could imply a sudden spike in resource usage of that collection.

Resource quota limit

Indicates the server resource quota set for this site collection.

Number

If the value of the Current resource usage measure is close to the value of this measure for a site collection, it could imply a sudden spike in resource usage.

On the other hand, if the value of the Average resource usage measure is close to the value of this measure, it implies that the site collection is consistently over-utilizing its resources and may run out of server resources very shortly. In such a case, you may want to consider fine-tuning the Resource quota of that site collection.

Resource quota warning level

Indicates at what usage level administrators should be warned of a resource contention on this site collection.

You can configure an email to be sent to the primary site collection administrator when the resource utilization reaches a specific percentage of the assigned quota.

If such a warning level is set, this measure will report a percentage value. This means that the primary site collection administrator can expect an email alert if the site collection consumes the configured percentage of its Resource quota limit.

Locked?

Indicates whether/not this site collection is locked.

The values that this measure can report and their corresponding numeric values are detailed in the table below:

Measure Value Numeric Value
Yes 1
No 0

Note:

By default, this measure reports the Measure Values in the table above to indicate the lock status of a site collection. In the graph of this measure however, the same is indicated using the numeric equivalents only.

If the value of this measure is Yes, then you can use the detailed diagnosis of this measure to know the type of lock that has been applied on the site collection. The possible options are as follows:

Locking option Description
Adding content prevented Prevents users from adding new content to the site collection. Updates and deletions are still allowed.
Read-only Prevents users from adding, updating, or deleting content. When a user attempts to add, update, or delete content, the user receives an error message that informs the user that access is denied and that the user does not have permission to perform the action or access the resource. A read-only lock can be either site collection administrator controlled if the site collection is archived or farm administrator controlled.
No access Prevents users from accessing the site collection and its content. Users who attempt to access the site receive an error page that informs the user that the website declined to show the webpage.

Days since content was modified

Indicates the number of days that has elapsed since the content in this site collection was last modified.

Days

The detailed diagnosis of the Status measure reveals the template, title, and owner of the site collection.

Figure 1 : The detailed diagnosis of the Status measure reported by the Site Collections test

The detailed diagnosis of the External users measure lists the name and email ID of every external user who accesses the site collection. The date on which each user was created, who invited that user to access the site collection, and the email ID using which the invitation was accepted by the external user are also provided as part of detailed diagnostics.

Figure 2 : The detailed diagnosis of the External users measure