Enterprise Roll Out Checklist

This checklist is intended to serve as a guide to Enterprises who are rolling out Mattermost to thousands of users.

Checklist Details

Prepare for the Roll Out

Much of the preparation work is focused on ensuring the environment is deployed and secured prior to onboarding users.

1. Define the Roll Out Project

  • Define key stakeholders and project team members
  • Example project team members: Project Manager, Network Administrator, Database Administrator, Corporate Directory Administrator, Security & Compliance Administrator(s), User Support, User Champions, User Trainers
  • Define use cases and requirements for teams, their workflows and their integrations
  • Define success criteria, goals and metrics to measure success
  • Create a Project Charter to document goals, tasks, deliverables, and decisions
  • Get buy-in from project team members and key stakeholders on the project charter

2. Validate Essential Security and Compliance Requirements

  • Review Mattermost security features
  • Determine monitoring requirements
  • Database, network, storage, log integrity
  • Identify fields for log management tools (e.g. Splunk Enterprise event data)
  • Determine environment access policies
  • Network access, physical access, group controlled access
  • Determine encryption policies
  • Determine System Administration access policies
  • Identify list of users or groups who need administrative access for Mattermost System Console, Command Line Tools and API privileges
  • Define and configure authentication policies
  • Determine requirements for multi-factor authentication
  • Configure and test SSO or Corporate Directory integration (SAML or AD/LDAP)
  • Define your mobile usage policy

3. Create Development, Staging, and Production Environments

  • Finalize production environment design basing hardware on expected usage and requirements for high availability
  • Create development and staging environments
  • Recommend using to test early configurations for database, authentication, file storage, Elasticsearch, prior to setting up high availability and load balancing
  • Recommend configuring staging to be an identical replication of your production environment
  • Create production environment
  • Install Mattermost
  • Install the number of nodes based on your high availability requirements outlined in your production environment design
  • Recommendation: Use Kubernetes and the Mattermost Operator, with external supported external database and file storage solutions. This will also provide blue/green deployment, rolling upgrades, and canary builds
  • Install and configure database
  • Install the number of read and search replicas based on your high availability requirements outlined in your production environment design
  • (Optional) Set up configuration management via the database instead of a config file for high available environments
  • Install and configure File Storage
  • Install and configure proxy or load balancers
  • Note: If running Kubernetes and the Mattermost Operator, proxies will be created automatically.
  • Add SSL Cert
  • (Optional) Set up certificate-based authentication (CBA) for user or device-based authentication with a digital certificate
  • Configure SMTP for email notifications
  • Set up Elasticsearch (highly recommended if your organization anticipates over 2 million posts)
  • Document network configuration

4. Configure and Customize Your Mattermost Site

  • Login to Mattermost and access the System Console to connect your environment to Mattermost
  • Resource: https://docs.mattermost.com/administration/config-settings.html#environment
  • Upload your valid Enterprise License under Edition and License
  • Ensure site URL is set appropriately for your production, dev and staging environments
  • Add your database configuration to System Console > Environment > Database
  • Add your Elasticsearch configuration to System Console > Environment > Elasticsearch
  • Add your file storage system configuration to System Console > Environment > File Storage
  • Add your proxy configuration to System Console > Environment > Image Proxy
  • Add your SMTP configuration to System Console > Environment > SMTP
  • Enable Push Notifications by adding your server to System Console > Environment > Push Notification Server
  • Add your cluster configuration to System Console > Environment > High Availability
  • Configure your site within the System Console
  • Set site access policies including permissions for roles and guest access

5. Test Production Performance and Redundancy

  • Define and test disaster recovery policy and processes
  • Performance test production environment
  • Load test production environment to verify that it will handle anticipated user load
  • Set up Prometheus and Grafana to monitor performance
  • Set up alerts in Grafana

Roll Out Mattermost

Now that you have an environment in place, we recommend working through the following items in an iterative process. You may need to cycle through each of these topics multiple times to make adjustments to suit your organization as you onboard groups of users.

1. Define Your Team and Channel Strategy

  • Determine and create team structure for your environment
  • Determine and create key channels to support your users. Town Square and Off-Topic are built in channels in every team
  • Recommendation: Add a “Support” channel for your users to escalate questions
  • (Optional) Migrate messages and channels from legacy systems

2. Enable Key Integrations

  • Build list of key integrations and tools used by your teams
  • Define use cases and requirements for plugins, bots, webhooks, slash commands
  • Set up key integrations (or migrate from POC environments)
  • Understand Mattermost API capabilities

3. Prepare for User Onboarding

  • Onboard champion users
  • Onboard trainers and support team
  • Create a training plan
  • Define user escalation and support processes
  • Ensure you have set the site’s support URL to your own support team under System Console > Site Configuration > Customization
  • Notify users in advance of roll out

5. Roll Out to Groups of Users

  • Provision user accounts
  • (Optional) Bulk Load users
  • Onboard users to teams and channels
  • Recommendation: Use LDAP Group Sync to automate this process
  • Implement your training plan to end users on how to use Mattermost
  • Train on using Mattermost
  • Train on how to use integrations

6. Drive Adoption

  • Incrementally roll out to additional user groups
  • See “Roll Out to Groups of Users”
  • Manage support requests and product requests from your end users
  • Enable additional integrations and plugins to support user workflows
  • Understand management tools available to support users

Review the Roll Out

We recommend that you review your roll out on a cadence that matches your iterative approach to rolling out to users. Below are some areas to consider.

1. Review Project Charter Success Metrics

  • Perform end-user surveys and measure satisfaction
  • Verify use case fulfillment from original requirements gathering
  • Measure your response time and resolution rate for user support issues
  • Identify usage gaps and address or create a plan for addressing

2. Review and Analyze Usage

  • Review Project Charter success metrics - identify usage gaps and address or create a plan for addressing
  • Monitor site and team statistics
  • Analyze usage by lines of business and peak usage times

3. Analyze System Performance

  • Monitor trends in CPU/memory usage
  • Review trends in database connections
  • Review trends in Go routines
  • Review trends in concurrent sessions

4. Harden Security

  • Harden security controls around web, desktop and mobile security
  • Harden configuration management
  • Harden network security
  • Identify additional tests and scans
  • (Optional) Enable Compliance Reporting

5. Perform Maintenance Tasks

  • Monitor for security updates (or sign up for email updates)
  • Perform first upgrade
  • Determine upgrade schedule based on Mattermost release schedules and lifecycle
  • Run System checks and either address or set address-by date