Scripted Installation of SharePoint 2013 and Office Web Apps Server – From the Field

This is the first in a series of posts where I will talk about my involvement in the TAP (Technology Adoption Program) and more specifically a project I was involved in to implement the SharePoint 2013 platform and Office Web Apps Server farm. I will be sharing my findings and experience that will hopefully help you to:

• Create a reusable SharePoint 2013 build and configuration guide
• Implement SharePoint and Office Web Apps Server in a consistent manner using the scripts I will provide throughout this blog post series.

The series is broken down into the following articles that I will write:

1. Farm Topology and Prerequisites (This article)
2. SharePoint Installation, Configuration and Basic Service Applications Deployment
3. User Profile, Search and Distributed Cache Service Applications Deployment
4. Office Web Apps Server farm Implementation and Configuration

Introduction

This post will focus on providing an overview of the overall farm topology, the end to end build sequence from preparation to testing, recommended service accounts and the prerequisites.

Build Sequence

The following diagram illustrates the high level overview of the steps required to implement and configure the SharePoint and Office Web Apps Server farms. The Office Web Apps server farm requires dedicated hardware and is no longer implemented as a SharePoint service application.

 

Farm Topology

The server farm topology will have multiple tiers and each tier will have redundant server instances, this is the most common topology that provides an efficient physical and logical layout to support scaling out or scaling up, and provides better distribution of services across the
member servers.

It is important to adopt an iterative design approach to analyse the architecture model, to verify that the model identifies all the elements that are required for the farm solution. 

The Plan for monitoring in SharePoint 2013 TechNet article provides great introduction on tools and scenarios on how to best use them. 

Redundant member servers are hosted on different Hyper-V hosts and Anti-Affinity helps to eliminate single points of failure. It is worth noting that the Deployment guide for SharePoint 2013 eBook, provides great detailed information regarding recommended practices when implementing SharePoint 2013 on a virtualised platform such as:         

• Leave adequate memory for the Hyper-V partitions - For SharePoint products virtual machines, we recommend 4 GB of RAM or more for host computer operations.
• Use a minimum of two physical network adapters - For better network management and performance, dedicate one adapter to virtual machine network traffic and use the other adapter for virtualization host network traffic.
• Do not oversubscribe the CPU on the virtualization host computer - Review the supported ratio of virtual processors per logical processor and avoid oversubscribing the host computer CPU. The optimum virtual processor:logical processor ratio is 1:1. For more information, see Configure the processors for the virtual machines in Deployment guide for SharePoint 2013 eBook.
• Do not cross Non-uniform memory access (NUMA) boundaries - Hyper-V spans NUMA nodes to assign physical memory to a virtual machine; however, this does reduce performance on the virtual machine. For more information, see Configure the memory for the virtual machines in Deployment guide for SharePoint 2013 eBook.
• Do not use snapshots in a production environment - Do not use snapshots for the virtual machines in a SharePoint products production environment.  When you create a snapshot, Hyper-V creates a new secondary drive for the virtual machine. Write operations occur on the new drive and read operations occur on both drives, which has the same net affect as a differencing disk. Every snapshot that you add reduces disk performance further.
• Do not use dynamic memory - The reason is that this implementation of dynamic memory does not work with every SharePoint feature. For example, Distributed Cache and Search do not resize their caches when the allocated memory for a virtual machine is dynamically changed. This can cause performance degradation, especially when assigned memory is reduced.

Service Accounts

The following service accounts are what I have used to create the farm. This list may vary for your implementation depending on Server resources management versus least privilege security recommendation, required service applications and in general what works for your implementation based on the organisations security guidelines and policies.

Account	Purpose	Requirements
SVC_SPInst Setup user account (Install Account)	The Setup user account is used to run the following: Setup SharePoint Products Configuration Wizard	Domain user account. Member of the Administrators group on each server on which Setup is run. SQL Server login on the computer that runs SQL Server. dbcreator and securityadmin This account must be a member of the db_owner fixed database role for the content databases database.
SVC_SPFarm	The server farm account is used to perform the following tasks: Configure and manage the server farm. Act as the application pool identity for the SharePoint Central Administration Web site. Run the Microsoft SharePoint Foundation Workflow Timer Service.	Domain user account. Additional permissions are automatically granted for the server farm account on Web servers and application servers that are joined to a server farm. The server farm account is automatically added as a SQL Server login on the computer that runs SQL Server. The account is added to the following SQL Server security roles: dbcreator fixed server role securityadmin fixed server role db_owner fixed database role for all SharePoint databases in the server farm
SVC_SPSvc	A generic services account for grouped Service Applications	Domain user account
SVC_SPSvcPool	Application Pool Identity for SharePoint Web Services Default application	Domain user account
SVC_SPWeb	Application Pool Identity for the main web application	Domain user account
SVC_SPUPA	The User Profile Service account is used to run the following: User Profile Synchronisation with AD	Domain user account AD Delegate rights for: Replication Directory Changes
SVC_SPSearch	This is the Windows Service account for the SharePoint Server Search Service. This setting affects all Search Service Applications in the farm.	Domain user account
SVC_SPSrchPl	Search Admin Web Service application pool Search Query and Site Settings Web Service application pool	Domain user account
SVC_SPSrchCrl	Windows user credentials for the Search service application to use to access content when crawling	Domain user account
SVC_SPFabric	AppFabric Caching service	Domain user account
SVC_SPOWAPool	Office Web App Application pool account	Domain user account
SVC_SPOWASvc	Office web application Services Pool	Domain user account
SVC_SPSecStr	Secure Store application Pool account	Domain user account

Prerequisites

1. All SharePoint servers would require an additional drive to host Data, Log and Index flies.
   1. An additional VHD is required
   2. Bring the disk online
   3. Format the drive as NTFS, label: Data

2. Ensure that the following are implemented:
1. Remote Registry Service started (or Automatic - Trigger Start) on all servers
2. Inbound firewall rules enabled on all SharePoint servers: (Please see SharePoint 2013 Ports, Proxies and Protocols - An Overview of Farm Communications for more information)
1. ICMP v4
2. ICMP v6
3. Central Administration port number on the servers hosting the Central Admin Site only. It is recommend to use SSL for the central administration site.
4. Distribution Cache port 22233 on the Distribution Cache Servers only
3. Ensure that the Install account has SQL securityadmin and dbcreator roles and is member of local administrator group on all SharePoint servers
4. Ensure that the Farm account is a member of local administrators group on the server hosting the User Profile Service Synchronisation Service. This is only required during the User Profile Synchronisation Configuration defined in post #3 User Profile, Search and Distributed Cache Service Applications Deployment. These permissions are only required while configuring User Profile synchronisation Settings. However, when a backup of the User Profile application is initiated, the synchronization service provisions the User Profile application again. During the course of provisioning the User Profile application, the farm account must stop and start the synchronization service. To do this, the farm account must be a member of the Administrators group on the computer that is running the synchronization service.

5. Ensure that the Farm account is able to logon locally on the server hosting the User Profile Service Synchronisation Service (Please see Plan account permissions).

 Now we are ready to implement SharePoint and configure the basic services. Look out for part two for detailed step by step scripted deployment and configuration of the farm.

---

This is the second post in the Scripted Installation of SharePoint 2013 and Office Web Apps Server series. If you have not already done so, please see part one of this blog series: Farm Topology and Prerequisites.

1. Farm Topology and Prerequisites
2. SharePoint Installation, Configuration and Basic Service Applications Deployment
3. User Profile, Search and Distributed Cache Service Applications Deployment
4. Office Web Apps Server farm Implementation and Configuration

This blog post will cover:

• Installation of SharePoint 2013
• Farm creation and configuration
• Implementation of:
• Excel Services
• Secure Store
• Usage and Health Data Collection
• Managed Metadata Services
• State Services
• Configuration of services on servers
• Configuration of usage and health data collection
• Configuration of state service
• Configuration of diagnostic logging

Servers in Farm

The following table illustrates the server names and associated server roles for each server:

Server Name	Server Role
SPWEB01	SharePoint 2013 Web Server 1
SPWEB02	SharePoint 2013 Web Server 2
SPDCache01	SharePoint 2013 Distribution Cache Server 1
SPDCache02	SharePoint 2013 Distribution Cache Server 2
SPAPP01	SharePoint 2013 Application Server 1 (CA)
SPAPP02	SharePoint 2013 Application Server 2 (CA)
SPQuery01	SharePoint 2013 Query Processing and Index Server 1
SPQuery02	SharePoint 2013 Query Processing and Index Server 2
SPCrawl01	SharePoint 2013 Admin, Crawl, Content Processing, Analytics Processing Server 1
SPCrawl02	SharePoint 2013 Admin, Crawl, Content Processing, Analytics Processing Server 2

Installation Prerequisites and Assumptions

• Please download and extract attached files onto local directory. It has been assumed that this directory is local folder on all SharePoint serves created as E:\Scripts\Install
• It is assumed that the SharePoint installation directory is D:\ (the location of the media ISO)
• Update the SilentConfig.xml file with SharePoint product key. Please see Config.xml reference on TechNet for more information.
• Update the Config.xml file with environment specific information such as, SQL server alias name (To improve ease of maintenance, and make it easier to relocate the database if it is required in the future, create DNS aliases that point to the IP address for all instances of SQL Server), farm account details, admin database and configuration database.  
• Update the SPCredentials.xml file with service accounts and passwords information.
• Update the SPServices.xml file with Usage and Health data collection log file location, Usage and Health data collection maximum file size, SQL server name, service application names and related database names.

Install SharePoint (with Internet Connection)

The following steps will only work if each SharePoint server has direct access to the internet. If access is through a proxy, further configuration may be required. Therefore, if internet access is NOT available OR through a proxy, it is recommended to follow the guidelines listed next Install SharePoint (without Internet Connection)

1. Ensure that the SharePoint installation media is mounted and D:\Setup .exe is accessible
2. Microsoft SQL Server 2008 R2 Native Client is installed as part of SharePoint 2013 prerequisites installer, however if you are using SQL Server 2012 to host SharePoint databases install Microsoft SQL Server 2012 Native Client 64-bit edition on all SharePoint servers.
3. Install SharePoint prerequisites and SharePoint binaries by executing the following script on all servers listed above (launch PowerShell as administrator).  This script can be run simultaneously on all servers to save time.

Set-ExecutionPolicy Unrestricted –force 
E:\Scripts\Install\SPInstaller.ps1 -installPath D:\ -offline "n"

This script will automatically restart servers as required but you will need to log-in to the machine using the install account when prompted. DO NOT RUN the configuration wizard and un-mount the installation media from each server once the script has run successfully

Please note: Windows PowerShell execution policies let you determine the conditions under which Windows PowerShell loads configuration files and runs scripts. The execution policy is not a security system that restricts user actions. Instead, the execution policy helps users to set basic rules and prevents them from violating them unintentionally. Please see About Execution Policy TechNet article.

Install SharePoint (without Internet Connection)

If a direct internet connection is not available during installation, even if a proxy is available, the SharePoint prerequisites installation is likely to fail. This is because, 46 windows components need to be verified and installed (if missing) as well as an additional 8 features specific to SharePoint. By default the prerequisites installer will look to download the missing binaries online and without an internet connection this will fail. The following screenshot shows the first indication of this failure:

To successfully install the necessary prerequisites perform the following steps

Install Windows Server Features and Roles

1. Mount the Windows Server 2012 installation media (ISO) to drive D:\ and check that directory D:\sources\sxs exists on the image (it will contain lots of folders) on each server in the SharePoint farm
2. Open a PowerShell prompt as an administer and run the following script from each server in the farm to install all 46 Windows components: 

Set-ExecutionPolicy Unrestricted –force 
E:\Scripts\Install\WinPreReqs.ps1

      3. Verify that all the roles and features have been successfully installed by executing the following from a PowerShell prompt run as administrator and checking the status the required features listed above are set to installed:

Get-WindowsFeature 

      4. Restart all servers after the script has successfully completed

      5. Un-mount the Windows Server 2012 installation media (ISO) drive from all servers

Install Remaining SharePoint 2013 Prerequisites Offline

Download the following 8 additional prerequisites to a local directory and make available on each server in the farm (network shares are supported):

• MicrosoftSync Framework Runtime v1.0 SP1 (x64)
  http://download.microsoft.com/download/E/0/0/E0060D8F-2354-4871-9596-DC78538799CC/Synchronization.msi
• Windows Server AppFabric
  http://download.microsoft.com/download/A/6/7/A678AB47-496B-4907-B3D4-0A2D280A13C0/WindowsServerAppFabricSetup_x64.exe 
• Cumulative Update Package 1 for Microsoft AppFabric 1.1 for Windows Server (KB2671763)
  http://download.microsoft.com/download/7/B/5/7B51D8D1-20FD-4BF0-87C7-4714F5A1C313/AppFabric1.1-RTM-KB2671763-x64-ENU.exe
• Windows Identity Foundation (KB974405)
  http://download.microsoft.com/download/D/7/2/D72FD747-69B6-40B7-875B-C2B40A6B2BDD/Windows6.1-KB974405-x64.msu
• Microsoft Identity Extensions
  http://download.microsoft.com/download/0/1/D/01D06854-CA0C-46F1-ADBA-EBF86010DCC6/rtm/MicrosoftIdentityExtensions-64.msi
• Microsoft Information Protection and Control Client
  http://download.microsoft.com/download/9/1/D/91DA8796-BE1D-46AF-8489-663AB7811517/setup_msipc_x64.msi
• Microsoft WCF Data Services 5.0
  http://download.microsoft.com/download/8/F/9/8F93DBBD-896B-4760-AC81-646F61363A6D/WcfDataServices.exe
• Microsoft SQL Server 2008 R2 SP1 Native Client
  http://download.microsoft.com/download/9/1/3/9138773A-505D-43E2-AC08-9A77E1E0490B/1033/x64/sqlncli.msi

Open a PowerShell prompt as an administer and run the following script from each server in the farm, when prompted enter the path in which the download prerequisites can be found

E:\Install\scripts\SPPreReqInstall.ps1

Install SharePoint Binaries 

1. Ensure that the SharePoint installation media is mounted and D:\Setup .exe is accessible
2. Microsoft SQL Server 2008 R2 Native Client is installed as part of SharePoint 2013 prerequisites installer, however if you are using SQL Server 2012 to host SharePoint databases install Microsoft SQL Server 2012 Native Client 64-bit edition on all SharePoint servers.
3. Install SharePoint prerequisites and SharePoint binaries by executing the following script on all servers listed above (launch PowerShell as administrator).  This script can be run simultaneously on all servers to save time.

Set-ExecutionPolicy Unrestricted –force 
E:\Scripts\Install\SPInstaller.ps1 -installPath D:\ -offline "y"

This script will automatically restart servers as required but you will need to log-in to the machine using the install account when prompted. DO NOT RUN the configuration wizard and un-mount the installation media from each server once the script has run successfully

Apply March PU and April CU

Before configuring the farm, two product updates are required to SharePoint 2013 which can be downloaded from the following links (note a server restart is required after each update):

(1)   KB2767999 http://support.microsoft.com/kb/2767999

(2)   KB2726992 http://support.microsoft.com/kb/2726992

The March PU (KB2767999) must be applied before the April CU (KB2726992) and is also a dependency for any future patches or cumulative updates.

Create the Farm

Login to SPAPP01 (Application Server hosting the Central Administration site) using the installer account and launch SharePoint Management Shell as administrator. Execute the following command to create the farm: 

E:\Scripts\Install\SPConfig.ps1 -configLocation E:\Scripts\Install\Config.xml -createJoin create -isCA "y"

Join Servers to the Farm

Login to SPAPP02 (The second Application Server hosting the Central Administration site) and launch SharePoint Management Shell as administrator. Execute the following PowerShell script:

E:\Scripts\Install\SPConfig.ps1 -configLocation E:\Scripts\Install\Config.xml -createJoin join -isCA "y"

Run the following script on the below SharePoint servers:

E:\Scripts\Install\SPConfig.ps1 -configLocation E:\Scripts\Install\Config.xml -createJoin join -isCA "n"

Server Name	Server Role
SPWEB01	SharePoint 2013 Web Server 1
SPWEB02	SharePoint 2013 Web Server 2
SPDCache01	SharePoint 2013 Distribution Cache Server 1
SPDCache02	SharePoint 2013 Distribution Cache Server 2
SPQuery01	SharePoint 2013 Query Processing and Index Server 1
SPQuery02	SharePoint 2013 Query Processing and Index Server 2
SPCrawl01	SharePoint 2013 Admin, Crawl, Content Processing, Analytics Processing Server 1
SPCrawl02	SharePoint 2013 Admin, Crawl, Content Processing, Analytics Processing Server 2

 Register Managed Accounts

Login to SPAPP01 (Application Server hosting the Central Administration site) using the installer account and launch SharePoint Management Shell as administrator. Execute the following command to register managed accounts in the farm:

E:\Scripts\Install\SPCredentials.ps1 -configLocation E:\Scripts\Install\SPCredentials.xml

Configure Basic Services

Login to SPAPP01 (Application Server hosting the Central Administration site) using the installer account and launch SharePoint Management Shell as administrator. Execute the following command to start required services and stop unwanted ones:

E:\Scripts\Install\SPServices.ps1 -configLocation E:\Scripts\Install\SPServices.xml

 The above script will stop unnecessary services from servers and starts the following service:

• Excel Services
• Secure Store
• Usage and Health Data Collection
• Managed Metadata Services
• State Services

Configure Usage and Health Data Collection

Login to SPAPP01 (Application Server hosting the Central Administration site) using the installer account and launch SharePoint Management Shell as administrator. Execute the following command to start and configure Usage Service:

E:\Scripts\Install\SPUsage.ps1 -configLocation E:\Scripts\Install\SPServices.xml

Configure State Service

Login to SPAPP01 (Application Server hosting the Central Administration site) using the installer account and launch SharePoint Management Shell as administrator. Execute the following command to start and configure Usage Service:

E:\Scripts\Install\SPStateService.ps1 -configLocation E:\Scripts\Install\SPServices.xml

You should now have basic services started on all servers in the farm. It is recommended to check Servers in Farm page from Central administrations site to ensure that the correct services are started.

By the end of this blog series the expected farm topology will be as illustrated below:

Server Name	Server Role	Services
SPWEB01	Web Server	Microsoft SharePoint Foundation Web Application  Microsoft SharePoint Foundation Workflow Timer Service  Managed Metadata Web Service
SPWEB02	Web Server	Microsoft SharePoint Foundation Web Application  Microsoft SharePoint Foundation Workflow Timer Service  Managed Metadata Web Service
SPDCache01	Distribution Cache	Distributed Cache  Microsoft SharePoint Foundation Workflow Timer Service  Microsoft SharePoint Foundation Web Application
SPDCache02	Distribution Cache	Distributed Cache  Microsoft SharePoint Foundation Workflow Timer Service  Microsoft SharePoint Foundation Web Application
SPAPP01	Application Server	Central Administration  Excel Calculation Services  Microsoft SharePoint Foundation Workflow Timer Service  Secure Store Service  User Profile Service  User Profile Synchronization Service
SPAPP02	Application Server	Central Administration  Excel Calculation Services  Microsoft SharePoint Foundation Workflow Timer Service  Secure Store Service  User Profile Service
SPQuery01	Search - Query Processing and Index	Microsoft SharePoint Foundation Workflow Timer Service  Search Host Controller Service  Search Query and Site Settings Service  SharePoint Server Search
SPQuery02	Search - Query Processing and Index	Microsoft SharePoint Foundation Workflow Timer Service  Search Host Controller Service  Search Query and Site Settings Service  SharePoint Server Search
SPCrawl01	Search - Admin, Crawl, Content Processing, Analytics Processing	Microsoft SharePoint Foundation Workflow Timer Service  Search Host Controller Service  Search Query and Site Settings Service  SharePoint Server Search
SPCrawl02	Search - Admin, Crawl, Content Processing, Analytics Processing	Microsoft SharePoint Foundation Workflow Timer Service  Search Host Controller Service  Search Query and Site Settings Service  SharePoint Server Search

Lookout for the next blog post, where we complete the farm configuration by provisioning search, user profile services and distributed cache service.

BasicServices_Blog02.zip