Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Spca2014 harbar workflow


Published on

  • Be the first to comment

Spca2014 harbar workflow

  1. 1. Spencer HarbarDesigning, deploying and managing Workflow Manager farms
  2. 2. About Spencer Harbar Microsoft Certified Solutions Master | SharePoint Microsoft Certified Architect | SharePoint 2010 Microsoft Certified Solutions Master | SharePoint Instructor & Author Microsoft Certified Master | SharePoint 2010 Microsoft Certified Master | SharePoint 2007 Most Valuable Professional | SharePoint Server SharePoint Patterns & Practices Advisory Board Member Works with Microsoft’s largest enterprise customers Works with SharePoint Product Group on Readiness Author for MSDN & TechNet
  3. 3. Agenda •Introduction to Workflow Manager •Workflow Manager high level architecture •Topology options •Installation and configuration •Business continuity management
  4. 4. Introduction to Workflow Manager
  5. 5. What is Workflow Manager? •Formerly Azure Workflow Server/Services (AWS) Same “code base” as Windows Azure Service Bus •Windows Workflow Foundation •Scalable and reliable workflow engine •REST based •Multi-tenant capable
  6. 6. Comparing 2010 and 2013 Workflows •SharePoint 2010 –Legacy approach –Primarily for backwards compatibility (e.g. upgrade) –Tightly coupled to SharePoint Servers –In Process –Declarative or custom code –Available both in SharePoint Foundation and SharePoint Server •SharePoint 2013 •Present and Future •Decoupled from SharePoint, and supporting other consuming platforms •Declarative only •On Premises or Cloud •Consistent with .NET Framework Workflow •Much more capable •App friendly •Available in SharePoint Server only
  7. 7. Workflow Manager high level architecture
  8. 8. Architecture Overview SharePoint Content Events Sharing People 2010 Workflow _API (REST OM) Access Control OAuth Service Bus Workflow Manager Workflow Service Application Proxy Workflow Services Manager Instances Interop Deployment Messaging Workflow Client
  9. 9. Workflow Manager –Front End / Back End •Resource Management Services •Workflow and Activity CRUD operations •Instance Management Services •Instance queries •Application Events and Control Messages •Workflow Host •Service Bus
  10. 10. Service Bus –Loosely coupled
  11. 11. Workflow Manager Client •Microsoft.Workflow.Client.dll •Manage workflows (“definitions”), monitor, initiate, and communicate with instances •Required on all SharePoint servers –Handles communication with Workflow Manager
  12. 12. Workflow Service Application Proxy •SharePoint construct •Registered with PowerShell •Broker for all calls to Workflow Manager •Dependent upon Workflow Manager Client
  13. 13. Workflow Services Manager •API for managing, monitoring and interacting with workflows –CSOM, JSOM, REST –Instances: Access to running instances, including sending messages –Deployment: Saving/publishing/changing workflow definitions, validating XAML, etc. –Messaging: Handles how messages are sent from SharePoint to Workflow Manager –Interop: Interaction with 2010 workflow
  14. 14. Messaging •Inbound notifications –Start/stop workflow –Events –Management –One-way only •Outbound work –REST/Web service calls –Workflow Back-End destination –GET, PUT, POST, DELETE, MERGE •Outbound notifications –RegisterInterest –Confirmation Message Workflow Manager Message Notification
  15. 15. Topology Options
  16. 16. Topologies •One or three servers –NOT two, NOT four, NOT six, NOT eight…. –Service Bus and quorum implementation •Each component must run on each server –Workflow Manager and Service Bus •There are NO other supported topologies –A farm of two (or four, six etc) can of course be built, but it is NOT supported –And more importantly, it won’t provide high availability
  17. 17. Topologies: co-located •Running Workflow Manager on adequately resourced Web Servers in the SharePoint farm –Carefully factor this into your overall farm topology design Workflow Manager Workflow Manager Workflow Manager
  18. 18. Topologies: Federated •Workflow Manger farm serving multiple SharePoint Farms Workflow ManagerScope 1(SP Farm 1) Scope 2(SP Farm 2)
  19. 19. Topologies: ‘Distributed’ •Multiple Workflow Manger farms serving multiple SharePoint tenants •And potentially SharePoint Farms Workflow ManagerScope 1(SP Tenant1) Scope 2(SP Tenant 2) Workflow ManagerScope 1(SP Tenant3) Scope 2(SP Tenant 4) SP Tenant 1SP Tenant 2SP Tenant 3SP Tenant 4
  20. 20. Planning for performance and throughput •Consider scale upfront –Workflow expands rapidly –New platform enables high scale but you need a plan! •Regularly occurring large loads –Examples include expense reports, timesheets etcat end of financial period •Common gotcha: Network Interface configuration –Between SharePoint and Workflow Farms –Between Workflow farms and external systems
  21. 21. Scaling out •Multi-server farm –Workload automatically distributed –Load balancer for client interaction/REST calls –Workflow Manager: Maximum of three servers •Factors –CPU –Workflow Manager, Service Bus, SQL –I/O –SQL –Network throughput & latency •Scale SQL Server first –Likely to be the first bottleneck –Server distribution –Workflow Manager and Service Bus databases on different database servers –SQL optimization (file I/O, sizing, etc) –However keep it practical (!)
  22. 22. Installation and configuration
  23. 23. Hardware and Software Requirements •Hardware –Minimum RAM: 2Gb –Minimum CPU: 2 GHz Dual Core –Minimum Disk: 1Gb Free •Operating System –Windows Server 2008 R2 Service Pack 1 (x64) –Windows Server 2012 (x64) –Development purposes only: •Windows 7 Service Pack 1 (x64) •Windows 8 (x64)
  24. 24. Software Pre-requisites •.NET Framework 4 Platform Update 3 or .NET Framework 4.5 •PowerShell 3.0 •Service Bus 1.0 •Workflow Client 1.0 •Installed using Web Platform Installer (WebPI) –Download can be “cached” and performed offline
  25. 25. SQL Server Requirements •Versions and Editions –SQL Server 2012 (or Express) –SQL Server 2008 R2 SP1 (or Express) •Configurations –Collation: Default, SP, Binary –Clustering –Mirroring –AlwaysOn •Security –Windows authentication –SQL Server Authentication
  26. 26. Environment Requirements •SQL Server connectivity –TCP/IP •SQL Browser service running on SQL Server •Whilst stated, this is NOT actually a requirement! –Named Pipes •SQL Server machine name < 16 characters (NetBIOS restriction) •Firewall –Ports 1443, 12290 and 12291 available (default) –Windows Firewall automatically configured if selected (default) during Workflow Manager Farm creation –Strongly recommended to use the default ports
  27. 27. User Requirements •Configuration user –The account used when configuring Workflow Manager –Similar to the SharePoint “Setup User” –Local Admin on servers –DBCreatorand SecurityAdmin(or pre-create) –Also called “Logged In user” or “Current user” in some documentation •RunAsuser –Service Account Identity –Used for Workflow Manager & Service Bus services –Can be a separate account for each –Built-In accounts NOTsupported –Fully qualified UPN format (–this is NOT strictly required –Granted Log on as a Service right during configuration •Don’t use the same account for both!
  28. 28. Service Account Password ChangesWorkflow Manager and Service Bus •If Service Accounts are expired by policy: –Using the Configuration Account, or other Workflow Manager and Service Bus Administrator account – •Watch out! MSDN refers to interactively logging in as the service account! – us/library/windowsazure/jj193456(v=azure.10).aspx – us/library/windowsazure/jj193007(v=azure.10).aspx
  29. 29. SharePoint 2013 Requirements •Interaction between SharePoint and Workflow Manager farms is OAuth2. Therefore requires: –App Management Service Instance and Service Application –User Profile Service Instance and Service Application –Users must be populated in the Profile store •and have valid User Principal Name (UPN) •Workflow Manager validates users by UserPrincipalName(UPN) –Ensures they have rights to start instances •If not, instance cancelled •One of the reasons 2013 Workflows are not available in SharePoint Foundation
  30. 30. Certificates •OAuth2 should always be SSL –Therefore the Workflow Manager Farm should use SSL –Don’t forget the SharePoint side! •Service Bus –Farm Certificate –Encryption Certificate •Workflow Manager –Services SSL Certificate –Encryption Certificate –Outbound Signing Certificate
  31. 31. Certificates -Choices •Auto Generated –Suitable for most deployments –Provide Generation Key –Required for every server to join Workflow Manager Farm •Record this value! –Configuration takes care of copying them/creating them •Use existing (Domain CA Issued) –Must be in the Local MachinePersonal certificate store for all computers in farm –Administrators responsibility to create them and copy them to each machine in the farm(s) –Multi server farms must include a Subject Alternative Name for the DNS domain, e.g. *
  32. 32. Installation •Install and configure SharePoint farm –Including Workflow Manager Client on every server •Install and configure Workflow Manager farm –Logged in as Configuration Account –Web Platform Installer
  33. 33. Offline Install •On an Internet connected machine: –Download and install WebPICmd.exe –From an Administrator Command prompt: •webpicmd/offline /Products:WorkflowManager/Path:c:OfflineWorkflow –Will download Workflow Manager and it’s pre-reqsto the specified folder •Copy contents to intended Workflow Manager server •On Workflow Manager Server(s): –From an Administrator Command Prompt: –WebpiCmd.exe /Install /Products:WorkflowManager/XML:c:offlineWorkFlowfeedslatestwebproductlist.xml –To install Workflow Client (on SharePoint Servers): –WebpiCmd.exe /Install /Products:WorkflowClient/XML:c:offlineWorkFlowfeedslatestwebproductlist.xml
  34. 34. Leaving a Farm •Rename a Server –Remove from Farm –Rename Server –Join back to Farm •Reduce Farm to one Server –Remove allmachines (keep databases) –Join existing farm from existing machine
  35. 35. Connecting to SharePoint •MSMQ Configuration –Optional Configuration –Enables Asynchronous Event Messaging –Supports disconnected scenarios (e.g. maintenance windows in large environments) –Enable MSMQ on SharePoint Servers –In this case, Workflow Manager can NOT be co- located with SharePoint •PowerShell $proxy = Get-SPWorkflowServiceApplicationProxy $proxy.AllowQueue= $true; $proxy.Update();
  36. 36. Validating install and configuration •Get-SBFarmStatus& Get-WFFarmStatus –Will report on Windows Services state and http(s) availability –Windows Services: •Workflow Manager Backend •Service Bus Message Broker <-will often take a while to start •Service Bus Gateway •Windows Fabric Host Service •SharePoint –SharePoint Service Application Proxy –SharePoint Designer Platform Type –But neither validate it’s actually working! –The ONLY way to properly test is to create, publish and execute a 2013 Workflow!
  37. 37. Demonstration Workflow Manager
  38. 38. Business continuity management
  39. 39. High Availability •Three servers required for high availability –Also provides load balancing •Scale SQL and SharePoint separately
  40. 40. Monitoring •Workflow Manager Pack for SCOM – us/download/details.aspx?id=35384
  41. 41. Disaster Recovery overview •Recovery –Database restore –Point-in-Time (temporally similar) •Databases –Workflow and Service Bus Farm Management DBs not required •Full farm or individual tenant (scope)
  42. 42. DR preparations –data tier •Standard SQL techniques –Mirroring –Log Shipping –Availability Groups •Use standard SQL Backup and restore –Service Bus and Workflow manager has the required cmdlets
  43. 43. DR preparations –compute tier •Cold Standby –Create a new farm using SQL Backups, or replicated data, and scripts •Warm Standby –Secondary farm, with compute nodes turned off –Use scripts to resume standby farm •Hot Standby –Notsupported
  44. 44. Disaster Recovery Requirements •Symmetric Key –Keep it in a safe place –Without it you will NOT be able to restore •Note time of “disruption” –The approximate time is required to replay some operations •Databases –All Service Bus and Workflow databases, except the two Management databases, are required for a full Workflow Manager restore operation
  45. 45. DR Scenarios 1/2 •Loss of one or more Workflow/Service Bus databases –Uninstall Workflow Manager –Reinstall Workflow Manager –Restore Database Backups –Use the Service Bus/Workflow Restore Process and then scale-out •Loss of entire Workflow farm –Restore databases –Rebuild farm and use the Restore Process and then scale-out
  46. 46. DR Scenarios 2/2 •Loss of a WF/SB server –Install Workflow Manager on a new server -Drop the Management Databases, use the Restore Process and then scale-out -or -Remove the old WF/SB Server and join a new one •Loss of a Workflow Scope –Restore Backup (do not overwrite) –Use the Restore-WFScopecmdlet
  47. 47. Full Restore Process •Restore Service Bus Farm –Creates new SB Management database –Use the same ports and configuration –Use the Install account •Restore Service Bus Gateway •Restore Service Bus Message Container –Specify the Id of the container •Add Service Bus host to machine •Configure Service Bus Namespace –Using the original Symmetric key
  48. 48. Full Restore Process (cont.) •Restore Workflow Farm –Creates a new Management database –Specify the time of disruption, used for consistency checks –Verification log (relative path) contains warnings about “suspect” inflight workflows •Add Workflow host to machine •On host 2 and 3 –Add the Service Bus Host –Add the Workflow Host
  49. 49. Applying Updates •Co-ordinating updates between SharePoint and Workflow Manager –After applying updates, you should rerun Register-SPWorkflowServicewith the -Force switch. –Adds a new deployment group –Republishes any updated SharePoint activities (in SharePoint update) to the Workflow Manager farm
  50. 50. Wrap up
  51. 51. Summary •Understand the Workflow Manager architecture •Configure and Deploy Workflow Manager •Apply appropriate business continuity strategies for Workflow Manager
  52. 52. Workflow Manager Articles •Core Concepts, High Availability, Certificate and SharePoint considerations •End to End Configuration using Auto Generated Certificates and NLB •Switching an existing farm to use Domain CA issued certificates •End to End Configuration using Domain CA issued certificates •Workflow Manager Disaster Recovery –Preparations–- preparations
  53. 53. THANK YOU