Automation of Web Application Creation in Managed Environments (Part II: Creation of Web Application via AutoSPInstaller (adapted))

The series kicks off with the first step of the creation: the SharePoint part. All other parts are concerned with everything else (i.e. registry, hosts file, IIS, network adapters, certificates). Here we want to create a web application in SharePoint. Why all the other parts are interesting will be explained in each of the articles, but let’s briefly touch on what we get with this article, what is missing, and what we still need to do and why.

The attached script takes an XML input, walks through the configuration file and creates a web application, configures it, adds managed paths, creates the underlying database, and can even create site collections if so specified. At this point a credit is in order to the great guys of the AutoSPInstaller project on CodePlex. I basically took their code and tailored it (maybe even worsened it a little 😉). I definitely made one change in line 265 because I usually delete my default page in my IIS because an IIS process that is not used bothers me for some reason. If you are worried about the performance you can also just stop the site and stop the app pool. That works well, too! If you do that you can use the original script line, which picks the path where the virtual folder will be created based on the path of the default site.

So now that we have covered where the script comes from (AutoSPInstaller), let’s check out what is missing. Basically, if you are running http on a custom port (anything above 1023 is a good choice if your servers are dedicated (please let them be dedicated!)) and you don’t even care about availability (dev and demo machines), you usually use a one-server farm and thus you don’t necessarily need host names.

You can just use the server name. That would pan out to look like http://servername:1024 or http://localhost[:80]. Now if you are using host names you need to at least add these to your DNS Catalogue. This is usually not something a SharePoint Expert does and it’s basically so damn easy even a sales-guy can do it (as long as we are not talking reverse-lookup) 😉 This is actually a private joke between me and another Tech-Guy, so don’t worry if it’s not funny to you.

So if you add your host names to the DNS, or have them added for you for that matter, you should also consider updating the local hosts file as well as the BackConnectionHostNames registry key.

For additional security you should definitely consider using https. If you are in an organization, you are working with company data and documents, so hey, keep them safe! Then you need certificates to identify your servers. Then you are packing a lot of problemos, hombre!

You might want to consider wildcard certificates. But if the org you work for is anything like my customers you can check that and just go with one IP per frontend and web application of the farm. So this is basically where it gets interesting. If you get here and you still have the choice, please also configure Kerberos for added value. You can even have a pseudo single sign-on experience for Mac users via machine or user certificates. SAML claims (so yes, claims authentication) would be the greatest thing, but how many organizations are ready for that? In any case make sure you are allowing only the right kind of SSL Certificates on your server. Your IT Department may be happy if you disable the ugly ones before they have to ask.

If you are setting up SP2013 fresh, then please just do it right the first time. You can save yourself so much hassle in the end. It’s a lot more interesting to work on the bleeding edge rather than the old: “we did a fast version, now we saw it’s not as great and need to change it”. A typical example is the MySite Memberships Page on the MyProfile. Once the links are added it’s hard to impossible to change or remove them. Confusing and frustrating. Oh well, let’s not get too far away from the purpose of this post.

Basically what I wanted you to understand is that it makes sense to discuss these topics because they are usually not discussed by developers, but every infra-engineer should know them by heart at a certain point in time.

This article of the series focuses on the configuration file, which I attached below but will also copy in here:

<?xml version="1.0" ?>
<Configuration>
  <Farm>
    <Database>
        <DBPrefix>SP2013</DBPrefix>
    </Database>
    <ObjectCacheAccounts>
        <SuperUser>meiringer\spcacher</SuperUser>
        <SuperReader>meiringer\spcachew</SuperReader>
    </ObjectCacheAccounts>
  </Farm>  
  <SharePoint Version="14" />
  <WebApplications AddURLsToHOSTS="false">
        <WebApplication type="Portal"
                        name="Portal"
                        applicationPool="Portal"
                        applicationPoolAccount="meiringer\spapp"
                        url="http://portal.meiringer.com"
                        port="80"
                        UseHostHeader="true"
                        AddURLToLocalIntranetZone="true"
                        databaseName="C_Portal_001"
                        useClaims="true"
                        useBasicAuthentication="false"
                        useOnlineWebPartCatalog="false">
            <!-- You can now specify a different DB server/instance or alias per web application and service application. The behavior is slightly different than with the farm DB server though, see below. -->
            <Database>
                <!-- If you are creating an alias (recommended!), <DBServer> is actually the value of the SQL alias; otherwise it's the NetBIOS name of the SQL server or instance. 
                     If you leave <DBServer> blank, the default DBServer value for the farm is used -->
                <DBServer>sharepointdb</DBServer>
                <!-- The script can create a SQL alias for you. Enter the DBInstance, and if you leave <DBPort> blank, script will assume default port value of 1433 -->
                <DBAlias Create="false"
                         DBInstance="DONT CARE!"
                         DBPort="" />
            </Database>
            <ManagedPaths>
                <ManagedPath relativeUrl="hlp" explicit="true" />
                <ManagedPath relativeUrl="lb" explicit="true" />
                <ManagedPath relativeUrl="ws" explicit="false" />
            </ManagedPaths>
            <SiteCollections>
                <SiteCollection siteUrl="http://portal.meiringer.com/lb"
                                HostNamedSiteCollection="false"
                                Owner="meiringer\spapp"
                                Name="Loadbalancing"
                                Description="Loadbalancing Test"
                                SearchUrl=""
                                CustomTemplate="false"
                                Template="STS#1"
                                LCID="1033"
                                Locale="en-us"
                                Time24="false">
                </SiteCollection>
            </SiteCollections>
        </WebApplication>
    </WebApplications>
</Configuration>

Basically this is the web applications section of the AutoSPInstaller XML configuration file. The reason why I wanted to separate it from the farm creation is that I can then create web applications after the farm is created as well. A couple of configurations are necessary, so I had to add them, like the SharePoint Version (which differs from the original, because it was called Install SPVersion="2013"). I didn’t want the added overhead of checking the setup.exe in the install path, so I changed that to the version 14/15 instead of the year, because I don’t need the year anyway. The version is necessary to find the installed language packs, which you can specify in the site collection section as locale.

Next to that I am also planning to add more to the script so I can add the domain users group or authenticated users group to the loadbalancing site, or at least add the loadbalancing account automatically to the site collection users.

The ManagedPaths part is interesting and one of the two reasons (the other being the site collections you can also include) why this scripted approach makes a lot of sense. Of course this procedure can be performed unattended, so it is much nicer to begin with, but the great part is that you can store this file and start with it the next time you need to do this, without having to keep all of your (naming) conventions in mind again. The form for creating the web application in Central Admin really drives me crazy, because depending on what you select in some fields other fields change their value as well (e.g. SSL yes/no adds the port to the host header field) and you really need to check every field before submitting. Using a configuration file you have them all at one glance: way better!

To be honest, whoever wants to deviate from these settings should make sure to have AutoSPInstallerFunctions.ps1 ready, for the alias for instance. I didn’t test this script to exhaustion.

The object cache users are mandatory in this script, just like the DBPrefix value and pretty much all the given fields. You should also make sure that the managed accounts are already registered with SharePoint. Adding this registration might be an additional improvement in the future, because with app pool isolation it’s actually quite common to have a new account for each new web application.
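One way to catch these omissions before the script runs, as an added example that is not part of the original post, the attached script or AutoSPInstaller: a pre-flight check over the configuration layout shown above. Test-WebAppConfig is a hypothetical helper name, the sample XML and the EXAMPLE domain are constructed, and the managed account check only runs where Get-SPManagedAccount is available.

```powershell
# Added example, not part of AutoSPInstaller or the attached script.
# Test-WebAppConfig is a hypothetical helper name; the XML layout is the one shown in this article.
function Test-WebAppConfig {
    param([Parameter(Mandatory = $true)][xml]$Config)

    # Farm-level values the adapted script treats as mandatory.
    foreach ($path in 'Farm/Database/DBPrefix', 'Farm/ObjectCacheAccounts/SuperUser', 'Farm/ObjectCacheAccounts/SuperReader') {
        $node = $Config.SelectSingleNode("/Configuration/$path")
        if ($null -eq $node -or [string]::IsNullOrEmpty($node.InnerText.Trim())) { "ERROR: $path is missing or empty" }
    }

    # Registered managed accounts; only available where the SharePoint snap-in is loaded.
    $registered = $null
    if (Get-Command Get-SPManagedAccount -ErrorAction SilentlyContinue) {
        $registered = @(Get-SPManagedAccount | ForEach-Object { $_.UserName })
    }

    foreach ($wa in $Config.SelectNodes('/Configuration/WebApplications/WebApplication')) {
        $name = $wa.GetAttribute('name')
        foreach ($attr in 'name', 'applicationPool', 'applicationPoolAccount', 'url', 'port', 'databaseName') {
            if ([string]::IsNullOrEmpty($wa.GetAttribute($attr))) { "ERROR: [$name] attribute '$attr' is missing or empty" }
        }
        # The article recommends https; basic authentication without TLS is flagged as an error.
        $isHttps = $wa.GetAttribute('url') -match '^https://'
        if (-not $isHttps) { "WARN:  [$name] url is plain http; the article recommends https" }
        if ((-not $isHttps) -and ($wa.GetAttribute('useBasicAuthentication') -eq 'true')) {
            "ERROR: [$name] basic authentication over http exposes credentials on the wire"
        }
        $account = $wa.GetAttribute('applicationPoolAccount')
        if ($null -ne $registered -and $registered -notcontains $account) {
            "ERROR: [$name] '$account' is not a registered managed account"
        }
    }
}

# Constructed sample input: SuperReader left empty and basic authentication enabled over http.
[xml]$sample = @'
<Configuration>
  <Farm>
    <Database><DBPrefix>SP2013</DBPrefix></Database>
    <ObjectCacheAccounts><SuperUser>EXAMPLE\spcacher</SuperUser><SuperReader></SuperReader></ObjectCacheAccounts>
  </Farm>
  <WebApplications>
    <WebApplication name="Portal" applicationPool="Portal" applicationPoolAccount="EXAMPLE\spapp"
                    url="http://portal.example.com" port="80" databaseName="C_Portal_001" useBasicAuthentication="true" />
  </WebApplications>
</Configuration>
'@
Test-WebAppConfig -Config $sample
```

An empty result means the file passed every check; any ERROR line is worth fixing before handing the file to the creation script.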

So at the end of this we have ourselves a web application that is or isn’t connected to the online app catalogue, has the cache users registered, has a sensible database name and already has managed paths and site collections. Now we can focus on everything Non-SharePoint (quite weird for a SharePoint Blog if you think about it).
