System Center 2012 SP1 - Orchestrator: EUPSCO Installation
In a previous post I gave an overview of EUPSCO, short for End User Portal for System Center Orchestrator, a free web application that helps publish and launch runbooks. So without further ado, let’s get our hands dirty and deploy this amazing free tool! Today I’ll be talking about System Center 2012 SP1 – Orchestrator and installing EUPSCO.
EUPSCO Prerequisites and Beginning Installation
Prior to actually installing the application, we have some of the regular prerequisites work to complete. This is extremely important for this specific utility, as there is essentially no installer and we have to do all the work manually. But fear not, it’s all pretty simple. For the purpose of demonstration, I am going to use a new server to host the application and leverage our existing SQL database server, which is already being utilized by our Orchestrator installation. You are welcome to choose a different SQL server, instance, or even deploy a dedicated install.
To begin the installation, start with a standard installation of Windows Server 2012 and add to it the features for .NET 4.5 Framework, which this application is written to use, and IIS for hosting the application. To keep this simple, the following PowerShell commands will deploy these requirements:
Add-WindowsFeature Web-Default-Doc, Web-Dir-Browsing, Web-Http-Errors, Web-Static-Content, Web-Http-Redirect, Web-Http-Logging, Web-Stat-Compression, Web-Dyn-Compression, Web-Basic-Auth, Web-Digest-Auth, Web-Windows-Auth, Web-Net-Ext45, Web-ASP-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Mgmt-Console
As the application is delivered as a web app, we require an account that the application pool will impersonate while it is running. This account also requires an additional level of trust as it will communicate with both our Orchestrator ODATA website and a SQL database, on which the application will store its configuration details.
- Orchestrator: Administrative Access to Orchestrator
- Database: DBO access to the database that we will create for the configuration
On your Active Directory, proceed to create a new AD user account. Give this a name and login details that adhere to your naming conventions and standards; for example, I am going to use the account name !svcEUPSCO and a strong password. Depending on your security policies, you may want to consider setting this password to never expire.
To delegate our service account administrative access to Orchestrator, you will need to add this user account as a member of the group you defined as the Group for Orchestrator Administrators during its installation. Depending on the options you selected, this might have been a default local computer group – or, preferably, you will have created a domain group for this task.
Rather than deploy a new SQL server, or SQL instance, I will simply create a new database on the SQL server instance that is already utilized for the Orchestrator database store.
- Launch the SQL Server Management Studio as a use with administrative permission to the SQL Server, and connect to your server.
- In the Object Explorer, expand the Server Name, and select the Security node.
- Right-click on the Logins node and select the option New Login.
The New Login dialog is presented. In the Login Name field, enter your service account name, prefixed with the domain name, in my environment this would be DIGINERVE\!EUPSCO.
Next, simply click OK to save the account as a SQL login.
- Again, in the Object Explorer, expand the Server Name, and select the Database node.
- Right-cick on the Database node and select the option New Database.
The New Database dialog is presented. In the Database Name field, provide a name for the new database, for example EUPSCO.
In the Owner field, click the button ‘…’ to present the Select Database Owner dialog.
Again, type in your service account name in the field Enter the object names to select, for example DIGINERVE\!EUPSCO. Click OK.
Finally, in the New Database dialog, click OK to create your new database with the default file and log sizes.
Next we get to the exciting part of the installation. If you have not already downloaded your copy of EUPSCO from the developer’s site, then it is time that you do so!
The package is delivered as a simple ZIP file from the site, which we just need to extract to our web server. To begin with, I have the content extracted to C:\EUPSCO_201307221. On a default installation a new empty website will be automatically created; however, as you might choose to deploy this portal to a server that hosts additional sites, I will also create a new site for this web application.
- Launch the Internet Information Services Manager, and in the Connection tree, select the Application Pools node.
Right-click the node and select Add Application Pool.
The Add Application Pool dialog appears. Enter a name for the pool in the Name field – in this case, I suggest “EUPSCO.”
Ensure that the .NET CLR Version is set to v4.0.xxxxx. Click OK to save the new pool.
- In the Applications Pool list, select our new pool.
Right-click the pool name and select Advanced Settings.
In the Advanced Settings dialog, locate and select the property identity.
Click the ‘…’ to display the Application Pool Identity dialog.
Select the option Custom Account and click the option Set.
In the Set Credentials dialog, enter the details for the service account we created earlier – for example, diginerve\!EUPSCO and its associated password. Then click OK.
Click OK to close the Application Pool Identity dialog and once more to close the Advanced Settings dialog.
Next, right-click the Sites node and select Add Web Site. The dialog appears. In the Site name field enter a name for the site, (again, I suggest “EUPSCO”).
For the Application Pool, click the Select… button, and in the Select Application Pool dialog, select the EUPSCO pool we just created from the drop-down. Click OK.
For the physical path, enter the location where you are storing the web application. I have placed mine at C:\EUPSCO_201307221.
If this is the only site on your server, you can just keep the defaults as they are. If you have multiple sites on the same host, you can choose to set the Binding details, including the Type, IP address, and Port; and/or set a host name – for example, in my network I might set the host name to match EUPSCO.diginerve.net and enter a DNS record for this URL.
Click OK to save the changes and create your site.
Select our new site from the connections tree. In the center pane locate and double-click the Authentication icon.
In the Authentication settings, set all authentication methods to Disabled (except Windows Authentication, which you need to set to Enabled).
At this point we should now have all the web application configurations complete. All that remains is for us to set the configuration of the applications settings to connect with our Active Directory for authentication, point to our Orchestrator ODATA REST Web Services URL, and connect to our database for EUPSCO configuration details.
In the application folder, we should have a file called web.config, which contains the configuration for our web application.
Active Directory – Start by searching for the entry key=”DomainSearchRoot” and set this to match your active directory domain. In my example this is diginerve.net, which I will write in LDAP format as “DC=diginerve,DC=net”.
SCO Web Service – To configure the web service, search the file for key=”OrchestratorServiceURL” and set the value to match the URL of your Orchestrator Service. For example this might read as HTTP://PDC-SC-OR01.diginerve.net:81/Orchestrator2012/orchestrator.svc.
Database Server – To configure the database details, search the file for name=”Database” and in the connectionString we need to apply two settings, first the Data Source to the name of the database server, and second to the Initial Catalog to the name of the database we created on the server. Again, for example my settings read as Data Source=PDC-DB-SQL01.diginerve.net;Initial Catalog=EUPSCO;
System Center 2012 SP1 – Orchestrator: EUPSCO First Run
Take a deep breath and put a big smile on your face – you have just completed the installation! Now it’s time to check that everything has worked by launching your web browser and surfing to the website with the settings you configured for the site. As the site is not listed in your Trusted Sites list, you will need to authenticate to the site. In the configuration file, by default the domain administrator is also the administrator account for the portal. (You can change this by editing the value for key=”AdminUserIds” in the web.config file.)
Once authenticated, the site will take a few moments to load the first time, as IIS compiles the ASP.NET code.
Have fun getting acquainted!