A WordPress.com site dedicated to System Center and Cloud Management

Archive for May, 2014

ITQ’s End User Portal for System Center Orchestrator (EUPSCO) – Part 5: Portal Installation


In our previous post (ITQ’s End User Portal for System Center Orchestrator (EUPSCO) – Part 4: Database), we covered setting up/preparing the Prerequisites. In this post we follow Damian Flynn’s steps on the Portal Installation.

The following is a re-write (to accommodate screenshots) from Damian Flynn’s article, with the addition of screenshots by me.

 

Portal Installation

Now that we have everything setup, we can now perform the installation of the End User Portal.

Start by downloading the latest copy of the End User Portal from the ITQ website (http://www.eupsco.nl/Downloads). At of the time of this writing, the latest version is Version 1.33 build 20130722.1 Released on
Monday July 22 2013. The files are contained within a .ZIP file.

Portal Download

After you have downloaded the files, extract them to a general location. I have extracted my to \Downloads\EUPSCO_201307221. Since we are performing this installation on the same server that Orchestrator is installed on, Internet Information Services (IIS) is already installed. We could use the “Default Website”, however, for purpose of demonstration, we will create a new IIS Website for the End User Portal.

Start by launching Internet Information Services (IIS) Manager.

Launch IIS Manager

In the Connections Pane, expand the Server and select Application Pools.

Connections - Application Pools

Right-click on Application Pools and choose Add Application Pool.

Add Application Pool

On the Add Application Pool dialog, provide a name for the pool. In my lab example, I am using EUPSCO. Ensure that the .NET CLR Version is set to v4.0.xxxxx, then click OK to create the new Application Pool.

Add Application Pool

In the details view, you should see our newly created Application Pool.

Application Pools - Newly Created App Pool

Right-click our newly created Application Pool and select Advanced Settings.

Application Pool - Advanced Settings

On the Advanced Settings dialog, find the Identity property and select it.

Advanced Settings - Identity

Click on the “…” button to display the Application Pool Identity dialog. Select the Custom Account option, and click the Set button.

Application Pool Identity - Custom Account - Set

In the Set Credentials dialog, provide the details for the Service Account we created, then click OK. Be sure to include DOMAIN\UserName. In my lab example, this is SC\EUPSCO_AppPool.

Set Credentials

Click OK to close the Application Pool Identity dialog, and OK again to close the Advanced Settings dialog.

Back in Internet Information Services (IIS) Manager within the Connections Pane, right-click on Sites and select Add Website.

Sites - Add Website

On the New Website dialog, provide a name for the new website. In my lab example, I used “EUPSCO”. Then click the Select… button for the Application Pool.

Add Website - Site Name

On the Select Application Pool dialog, choose the Application Pool that we previously created from the drop-down list, then click OK.

Select Application Pool

Back on the Add Website dialog, provide the Physical Path to the extracted files you downloaded. In my lab example, even though I extracted the .ZIP file to the \Downloads\ folder, I also copied the extracted files to the default Internet Information Services (IIS) directory; namely C:\inetpub\wwwroot\. Click OK to finish creating the new website.

Add Website - Physical Path

In the Connections pane, select the newly created website. In the Features View pane double-click on Authentication.

Website - Features View - Authentication

On the Authentication settings, set all Authentication Methods to Disabled, and set Windows Authentication to Enabled.

Website - Features View - Authentication Settings

We now have the Website configuration completed. We still have some Application Settings to configure to connect it to Active Directory for authentication, connect it to the Orchestrator Web Service, and to connect it to the database that we created.

In our next post, we will discuss the Portal Configuration required.

Advertisements

ITQ’s End User Portal for System Center Orchestrator (EUPSCO) – Part 4: Database


In our previous post (ITQ’s End User Portal for System Center Orchestrator (EUPSCO) – Part 3: Service Accounts), we covered setting up/preparing the Service Accounts. In this post we follow Damian Flynn’s steps on the Database.

The following is a re-write (to accommodate screenshots) from Damian Flynn’s article, with the addition of screenshots by me.

 

Database

In this lab example, I will be using the existing SQL Server installation and existing SQL Instance that I used for the Orchestrator installation. This is not necessary, but makes things simpler and more contained.

Start by launching SQL Server Management Studio, ensure to run it as Administrator.

SQL Server Management Studio

Connect to the existing SQL Server Instance. In my example, my server name is EUPSCO, and my SQL Instance name is also EUPSCO.

Connect to SQL Server

In the Object Explorer, expand the Server Name, and select expand Security.

Object Explorer - Security

Right-click on Logins, and select New Login.

Security - Logins - New Login

In the New Login dialog,enter the Service Account that we created in Part 3 – Service Accounts, along with the domain; then click OK. In my lab example this is: SC\EUPSCO_AppPool.

Login - New

Now, still in the Object Explorer, expand the Server Name, and expand Databases.

Object Explorer - Databases

Right-click on Databases and select New Database.

Databases - New Database

On the New Database dialog, provide a Database Name. In my lab example, I used EUPSCO.

New Database - EUPSCO

In the Owner field, click the “…” button to present the Select Database Owner dialog, enter the Service Account name, then click the Check Names button.

Select Database Owner

On the Multiple Objects Found dialog, select the Service Account that you created, then click OK.

Select Database Owner - Multiple Objects Found

Back on the Select Database Owner dialog, click OK.

Select Database Owner - Completed

Back on the New Database dialog, it should now show both the Database Name and Owner fields filled out; then click OK to create the database (accepting the defaults for Database File Size, and Log File Size).

New Database - EUPSCO - Completed

In the Object Explorer, you should now see the newly created database. In my lab example, this is EUPSCO.

New Database Created

 

In our next post, we will discuss the Portal Installation steps.

ITQ’s End User Portal for System Center Orchestrator (EUPSCO) – Part 3: Service Accounts


In our previous post (ITQ’s End User Portal for System Center Orchestrator (EUPSCO) – Part 2: Prerequisites), we covered setting up/preparing the Prerequisites. In this post we follow Damian Flynn’s steps on the Service Accounts.

The following is a re-write (to accommodate screenshots) from Damian Flynn’s article, with the addition of screenshots by me.

 

Service Accounts

Since the application is a web app, we need to create a Service Account to use with the Internet Information Services (IIS) Application Pool. Additionally, this Service Account requires additional privileges, since it will interact with Orchestrator and the SQL Server database.

The additional privileges required are as follows:

  • Orchestrator: Administrative Access to Orchestrator
  • Database: Database Owner (DBO) access to the database that will contain the End User Portal configurations

 

On your Domain Controller, launch Server Manager, and navigate to Tools > Active Directory Users and Computers.

Server Manager - Active Directory Users and Computers

 

Within Active Directory Users and Computers, locate the applicable/suitable Organizational Unit (OU) to contain the Service Account, then in the menu navigate to Action > New > User.

AD - New User

On the New Object- User dialog, fill in the Full Name, and User Logon Name fields, then press Next. In my example I am using “EUPSCO_AppPool”.

AD - New Object - User 01

On the next screen, provide a password that meets your security criteria, and also ensure that “User must change password at next logon” is NOT selected, and “User cannot change password” and “Password never expires” are both selected (depending on your security requirements), then click Next.

AD - New Object - User 02

On the final screen in the New Object – User dialog, review the information displayed, then click Finish.

AD - New Object - User 03

Now that we have the Service Account created, we need to add it to the group (defined during the installation of Orchestrator) for Orchestrator Administrators. In my lab example, I called this group “SCORCH Admins”.

Right-click on your newly created Service Account and choose ‘Add To A Group‘.

Account - Add To A Group

On the Select Group dialog, type the name of the Security Group that you created for the Orchestrator Administrators, click Check Names to ensure the group is properly referenced, then click OK.

Account - Add To A Group - Select Groups

You will receive a confirmation message, click OK.

Account - Add To A Group - Completed

If you open the Properties for the Service Account (by right-clicking the account and choosing Properties; or by double-clicking on the account itself), and navigate to the “Member Of” tab, you will see the Security Group present.

Account - Properties - Member Of

This completes the creation of the End User Portal Service Account, and partial configuration of the access required. If you recall, we also need to grant the account appropriate access to the database. However, we have not created it yet. This additional access will be addressed in the Database post.

In our next post, we will discuss the Database(s) required.

Tag Cloud

%d bloggers like this: