Sensei PPM Jumpstart™
Technical Readiness Guide
Document Purpose
This document provides guidance to help prepare for the implementation of the Sensei Jumpstart Solution for Project Online.
This document is not intended to replace detailed documentation provided by Microsoft. See the Online References section for links to current and detailed documentation and configuration from Microsoft.
Online References
This section contains links to on-line references with current and detailed information about the Microsoft Project Online platform.
Provisioning & Configuration Process
The diagram below represents the provisioning and configuration process for Project Online. Configuration in your tenant may differ slightly based upon your requirements.
Readiness Checklist
To ensure that you are ready to begin the configuration of your new Project Online environment, the following prerequisites should be completed before Sensei is scheduled to begin work.
Please fill out Appendix A with information to send to Sensei Project Solutions.
1. Your Office 365 tenant has been created
a. A domain should be chosen, and billing information completed. b. Configure any alternate domains to work with your tenant for Email, Lync or SharePoint services.
2. Tenant Admin Account
a. By default, the account that creates the environment is the first with the Global Administrator role.
3. Configure AD Connect and synchronize your on-premises users (Optional)
4. Add Project Online Subscription to your Tenant
a. Billing > Subscriptions > Add New > Project Online.
b. You can start with a minimal number of licenses (minimum 1).
c. This will create your Project Web App site by default at /sites/pwa
5. Licenses applied to user accounts for Sensei and Project Online Administrators
a. One account will be used by Sensei for configuring and supporting your solutions within Project Online -, this account MUST be licensed for Project Online Premium. This account must remain in place and active during and after implementation, so that Sensei is able to access your environment to maintain solutions and perform health checks as well as assist with any service requests that may arise.
b. One account will be used by the Sensei Reporting Hub , this account MUST be licensed for Project Online (Professional, or Premium). This account must remain in place and active during and after implementation, so that your reporting data can be synchronized to your Reporting Hub instance. Follow instructions here: Appendix C: Creating A Reporting Hub Service Account
c. Any other Project Online administrator within your organization must have a Project Online Premium license.
6. Licenses for additional users
a. Ensure that any Project Manager requiring access to the Project Professional Client are licensed for either Project Online Professional OR Project Online Professional AND Project Professional 2016.
b. Apply Project Online Essentials licenses to Team Members (Resources).
c. Apply Project Online Premium licenses to any Resource Managers, Executives, Application Administrators.
7. Adding Sensei as the Microsoft 'Partner of Record'
(POR) for Project related subscriptions
a. Log into the Office 365 admin portal as a Global Administrator.
b. In the quick launch area select Billing > Subscriptions
c. For each project related subscription (Project Online Essentials, Project Online Professional, Project Online Premium), click on Subscription details
d. Click 'add' under partner information and enter in 2565333.
8. Ensure that the Primary PWA instance is created
a. Check the SharePoint Admin Portal for a site collection that has Project Web App enabled existing at the default site collection of /sites/pwa.
9. Switch Permissions Mode for the Primary PWA instance to Project
Permissions Mode
a. Before switching, ensure that the account performing the switch has the Global Administrators role for Office 365 (You can find this under Admin > Users > Edit the user and go to Settings tab. Also, before switching permissions mode, please add the Sensei configuration account as a secondary administrator for the PWA site collection.
b. (See "Changing Permissions Mode" reference article above.)
10. Change the Server Resource Quota for the PWA Site Collection
a. We see improvement in PWA performance when the server resource quota is increased. The server resource quota refers to "relative CPU and RAM allocation".
b. We recommend increasing the resource quota allocated to the production PWA site collection (/sites/pwa) to 10% of the total available.
c. Select the PWA site collection and click Server Resource Quota from the ribbon.
d. Increase the quota to 10% of the total available.
e. Click Save.
11. Ensure that "Enable Preview Features" is selected in SharePoint
Admin Centre
a. Admin > SharePoint > Settings > Preview Features.
b. See above reference article "Enable Preview Features" for more information.
12. Ensure that "Site Collection Storage Management" is set to
"Automatic" in SharePoint Admin Centre
a. Admin > SharePoint > Settings > Site Collection Storage Management.
b. See above reference article "Site Collection Storage Management" for more information.
c. If you must manually set quotas, please use 50GB for the PWA site collection. *Note the PWA site will have an additional 25GB limit and this is separate from the limit on all other content within the site collection.
13. Add Sensei Account to the Administrators Security group
WITHIN Project Online
a. Navigate to your Project Online environment: use the "Projects" App launcher button OR
b. Click the settings cog icon in the upper right, then PWA settings.
c. Under Security, click Manage Users (If you do not see this, you have not yet switched permissions modes)
d. Click NEW USER:
i. Under User logon account, add the Sensei account
ii. Scroll down to Security Groups and add 'Administrators'. You may remove 'Team Members'.
iii. Click Save.
e. Email Sensei with this document detailing the log in credentials in Appendix A.
14. Add Sensei Account to the Site Collection Administrators group
for the Project Web App site collection
a. Office 365 Portal Admin > Admin > SharePoint
b. Highlight the Project Web App site collection and choose Owners > Manage Administrators from the ribbon
c. Add the Sensei Account as a 'Site Collection Administrator'
15. Enable Project Web App Permission for Excel Web App Refresh
a. Cog Icon > Site Settings > Site Collection Features (under Site Collection Administration.)
b. Click Enable next to Project Web App Permission for Excel Web App Refresh.
16. Prepare for Application Loading
Option A
Create and Grant access to the Tenant App Catalog
- Verify the provisioning of an App Catalog site with your preferred naming conventions as per the first step of this Microsoft guidance.
- Navigate to the App Catalog site -> Site Settings -> Site Collection Administrators
- In the site collection administrator box please add the Sensei Service account and press OK
Option B
Create a Site Collection specific App Catalog.
Note
You must be a SharePoint Tenant Admin to create a Site Collection specific App catalog. The deployment account must have site collection admin access to the Tenant App catalog to deploy to the Site Collection App catalog. This is counter-intuitive but documented.
- Perform all steps in Option A above. Site collection app catalogs are not usable unless the user also has permission to the Tenant Level App catalog.
- Install SharePoint Online Management Shell on your PC with minimum version 16.0.7317.0 from here:
https://www.microsoft.com/en-us/download/details.aspx?id=35588 - Open PowerShell and issue these commands (substitute the "contoso" URLs with your domain and appropriate PWA url):
Connect-SPOService -Url https://contoso-admin.sharepoint.com
Add-SPOSiteCollectionAppCatalog -Site (Get-SPOSite <https://contoso.sharepoint.com/sites/pwa>)
17. Prepare for Reporting Hub Installation
a. If your Jumpstart deployment includes Reporting Hub, follow the instructions for; Appendix C: Creating A Reporting Hub Service Account. This is required to allow for Reporting Hub to respond to events in your Project Online environment.
b. Verify your Azure AD is set to allow 3rd party applications (this is the default setting in Azure AD portal):
c. Verify your SharePoint Online allows non-interactive 3rd party app authentication (this is the default setting in the SharePoint Online administrative portal):
18. Internet Explorer.
For customers that are utilising Internet Explorer on their desktop computers, the following settings are required for full functionality:
a. In addition to the standard Microsoft guidance Sensei Reporting Hub requires the following configuration for Office 365 integration to function correctly:
Trusted Sites Zone:
- https://*.microsoftonline.com
- https://*.sharepoint.com
- https://*.projectserver.com.au
b. Many applications including Portfolio Advisor require 3^rd^ Party cookies to be enabled:
Hardware & Software Requirements Overview
At a high-level, the key requirements for Microsoft Project Online are:
Creation of a new Office 365 tenant to support the subscription(s) OR
Utilization of an existing Office 365 tenant to support the subscription(s).
Subscription to Project Online Professional for all Project Managers that require the ability to open and edit projects in the client scheduling application OR Subscription to Project Online Professional AND licenses for Project Professional 2019 for all Project Managers that require the ability to open and edit projects in the client scheduling application. Note: The 2019 version of Project Pro is required to use the Sensei Portfolio Analyzer add-on or to use the Resource Plans view for Resource Engagements.
Subscription to Project Online Premium for all Executives, Resource Managers, Application Administrators and other Key Stakeholders that are expected to manage Portfolio Selection and Optimization, Demand Management, Enterprise Resource Management, Office 365 Project Portfolio Dashboard users.
Subscription to Project Online Essentials for all Team Members (Resources) that are expected to work with Project Artefacts, provide progress updates to Project Managers and/or complete Timesheets.
License for Excel 2013/2016 (or an Enterprise Office 365 license, E3 for example) with PowerPivot, PowerView and Power Query add-ins installed for all Report Authors and Project Online Administrators.
SharePoint Designer 2013 for all Project Online Administrators.
A Supported Web Browser is required. Supported browsers are: the most current versions of Edge, Firefox, Chrome, and Safari; and the most current or immediately previous version of Internet Explorer.
Software Updates
Microsoft will deploy the latest updates and service packs to your online environment, however if you utilize "standalone licenses" for Project Professional 2016, it is also best practice to have Project Professional at the same service pack and cumulative update level as the server(s) if possible. This means that when updates are released, they should be applied to the client.
Minimum Software & Hardware Requirements
Client Hardware Requirements
| Component | Minimum Requirement |
|---|---|
| Processor | No Requirement |
| RAM | Recommended 4GB |
| Hard Disk | Recommended at least 50 GB.The OS for your client machine will consume a significant portion of your hard disk available space, and to allow for syncing SharePoint online libraries, day-to-day Office work and downloading the Office applications, we recommend the above. |
| Other | DVD drive or other access to applicable software from Office 365 tenant. |
Application and License Requirements
| Application | Role | Minimum Requirement |
|---|---|---|
| Office (Outlook, Word, Excel, PowerPoint, Skype) | All | One of the following: Office 2019 "Standalone", Office 365 (client applications downloaded from tenant) |
| Project | Project Administrator, Executives, Resource Managers, Portfolio/Program Managers | Project Online Premium License, Project Professional (Office 365 download from tenant OR Project Pro 2016) |
| Project Managers | Project Online Professional License, Project Professional for Office 365 OR Project Professional 2019 | |
| Team Members | Project Online Essentials | |
| Administration | PPM Administrator | SharePoint Designer 2013 SP1: http://www.microsoft.com/en-us/download/details.aspx?id=35491 or downloaded from tenant, FLOW for Office 365 License (Plan 1 or 2 may be required for advanced scenarios), Azure Storage Explorer (only if custom integrations have been implemented) (Download: https://azure.microsoft.com/en-au/features/storage-explorer/), SQL Server Management Studio (Download: https://docs.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms?view=sql-server-2017) OR Azure Data Studio (Download: https://docs.microsoft.com/en-us/sql/azure-data-studio/download?view=sql-server-2017) |
| Workflow Development | SharePoint Designer 2013: http://www.microsoft.com/en-us/download/details.aspx?id=35491 or downloaded from tenant, Visio Professional 2013 (not required, but recommended), FLOW for Office 365 License (Plan 1 or 2 may be required for advanced scenarios) | |
| Report Development | Report Builders | SQL Report Builder 3 (https://www.microsoft.com/en-us/download/details.aspx?id=53613), Microsoft Office Excel 2019 with PowerPivot, Power View and Power Query add-ins installed or Excel 2019 (has PowerPivot, Power View and Power Query already included in the Get and Transform Data section of the ribbon), Power Query: http://www.microsoft.com/en-us/download/details.aspx?id=39379, SQL Server Management Studio (Download: https://docs.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms?view=sql-server-2017) OR Azure Data Studio (Download: https://docs.microsoft.com/en-us/sql/azure-data-studio/download?view=sql-server-2017) |
| Browser | All | Latest Explorer, Edge, Chrome, Safari, and/or Firefox for working within your tenant and testing various browser rendering. See reference article above "Plan Browser Support and Minimum System Requirements". |
Resource Pool Considerations
As part of the Jumpstart deployment process, Sensei loads your resource pool and sets the attributes on each resource record.
If your organization is taking advantage of Active Directory sync, we typically recommend that organizations create an Active Directory Group for each Project Online security group, and then nest all of these groups inside the AD group created for Resource Pool Sync.
Most organizations create a structure similar to the following (naming convention usually is specific to each organization):
- PROJ_ADMINS
- PROJ_PRTMGRS
- PROJ_PROJMGRS
- PROJ_RESMGRS
- PROJ_TEAMMEMBERS
All of the above are nested inside a group that syncs to the resource pool called something like:
- PROJ_RESOURCEPOOL
Once the group members are synced into the resource pool, the following fields will be set through the sync process: Resource Name, Logon Account, Email Address, Group. Sensei will then use the Resource Pool Configuration Workbook (Excel Document) to set the non-synced resource attributes. The important and optional fields are identified in this workbook. Sensei asks our clients to provide the information in this sheet for each of your users/resources. This allows us to more rapidly configure resources into your pool. It also provides us with the necessary information to allow for resource management, portfolio analysis and supports your deployment with specific data for Resource Centre views to allow Resource Managers to quickly find single resources or groups of resources that match specific criteria.
What is needed is for your team to determine the following for each resource:
Resource Name: ultimately these may be loaded from the logon account from the AD Connect tool.
Whether the user is a resource or not (will the user be assigned to tasks, or only access the system, or vice versa, will the resource never access the system, however you require a resource record for that individual)
All Named and Generic Resources will be "Work" Resources
The email address associated with the account (if the resource pool is synced to an AD group, this information will be automatically populated)
Base Calendar: Assumed to be "Standard" until other calendars are defined.
Earliest available From: if a resource is not available prior to a specific date.
Role: This is critical, we need to understand the resource's primary job function. The list of values is on the 'Lists' tab of the workbook.
Max Units: The percentage of time the resource is available for project work.
Std. Rate: This can be a blended or "estimated" rate, but we highly recommend a value for each resource in each role.
Booking Type: for all named work resources this should be "Committed", and for generic resources, this should be set to "Proposed".
Team Name: Another custom attribute which the values are contained on the 'Lists' tab of the workbook.
RBS: RBS value for each resource.
Expertise: an optional custom attribute to assist in selection of the correct resource for a team assignment or task.
Resource Department: The department to which the resource belongs.
Cost Type: Should be "Labor" for all named work resources.
Applications: an optional piece of metadata to determine the applications that the resource is familiar with.
Skills: an optional piece of metadata to determine resource skills.
Group Membership: The security group to which the resource belongs.
Timesheet manager: If using timesheets, typically the timesheets are "auto-approved" by the timesheet manager, because each resource is his/her own timesheet manager, if an approval is required from a true Timesheet manager that is not the resource, please provide the name of the timesheet manager for each resource.
These details are documented in the Resource Pool Configuration Workbook on the first tab "Instructions". If values are unknown, they can be left blank, and will be discussed at a later time.
Feel free to modify the "Lists" lookup tables to match the values that pertain to your organization.
As soon as Sensei receives this document completed for the resources/users you wish to configure in your PWA site collection, we can configure users and the resource pool with these records and attributes, but this document is not required to begin work on your deployment.
Migration Requirements
If migration from another PWA environment is included in your Sensei engagement, your Sensei engagement lead will review your migration requirements and provide a recommended approach.
Appendix A: Checklist Items for Sensei
Please fill out the table below and send to your contact at Sensei before starting. The table was filled out with sample data. Please update the table below with your environment information.
| Item | Options |
|---|---|
| Environments Needed: | Production, QA, Test (per the number of environments included in SOW) |
| Sensei Configuration Account | SenseiAdmin@yourdomain.com or SenseiAdmin@yourorganization.onmicrosoft.com |
| Names of Resource Pool Active Directory Groups (up to 5) | GROUP1_PROJRES, GROUP2_PROJRES(Note: add Sensei account to at least 1 group.) |
| URL Name for PWA | http://<yourorganization>.sharepoint.com/sites/pwa |
| Authentication: (SSO enabled) | Yes/No |
| Additional Licenses provided to Sensei Account | K1, E1, E3, etc… |
| IT Contact: | Nick Burns, nick.burns@company.com, 502-123-4567 |
Appendix C: Creating A Reporting Hub Service Account
In order to respond to events in your Project Online installation, the Sensei Reporting Hub will utilize a service account (set of credentials). This service account has the following requirements:
Must have at least a Project Online Professional license.
Must have appropriate SharePoint Permissions. Since Reporting Hub also attempts to aggregate SharePoint list information, it is important that the Reporting Hub service account is granted appropriate access to read all the required SharePoint items. If you want all your SharePoint list items to be reportable, grant the Reporting Hub service account Site Collection Administrator rights.
Must have at least "Portfolio Viewer" Project Online permissions in PWA Settings => Manage Users.
Create the Reporting Hub service account. Go to the Administration portal for your tenant.
Under Users => Active Users, press the '+' button and fill out the account details.
Ensure that the account is allocated at least a Project Online Professional license.Set the account to have a non-expiring password. This step can only be accomplished by PowerShell; ask Sensei to assist you if you have trouble with this step. Install the The Microsoft Azure Active Directory Module for Windows PowerShell cmdlets, and then open a PowerShell window and execute the Connect-MSOLService commandlet. Log in with a tenant administrator account.
Issue the command:
Set-MsolUser -UserPrincipalName serviceaccount@contoso.com -PasswordNeverExpires -true
Multi-Factor Authentication Considerations
When enabling Multi-Factor Authentication (MFA) for the account used as the Reporting Hub service account, the credentials supplied must instead be an "App Password" created for the Reporting Hub service account.
Once you have created the Reporting Hub service account as per the instructions above:
Log into SharePoint Online using the Reporting Hub service account, supplying the username, password, and code as required by MFA.
Go to Office 365 Settings
Go to 'Additional security verification'
Click on 'Update your phone numbers used for account security'
Choose 'App Passwords' in the header menu
Click 'Create'. This will issue the password for use with Reporting Hub.