Automated Deployment of SharePoint 2013 with Windows Azure PowerShell

barryit edited this page Jan 18, 2014 · 76 revisions

About the Scripts

The scripts allow the automated provisioning of Active Directory, SQL Server and SharePoint. They are specifically designed for quickly spinning up a starting infrastructure for SharePoint workloads in Windows Azure.

Configuration Templates

SingleVMs

This template is designed to produce a SharePoint farm for evaluation, development or testing.

  • 1 Windows Virtual Machine for Active Directory - Small Instance Size (1 core and 1.75 GB memory)
  • 1 SQL Server Virtual Machine - A6 Instance Size (4 cores and 28 GB memory)
  • 1 SharePoint Server 2013 Virtual Machine with all Services - Large Instance Size (4 cores and 7 GB memory)

HighlyAvailable

This template produces a SharePoint farm configured for high availability. Each tier is in an associated Availability Set. The SQL Server tier is configured with an AlwaysOn Availability Group with the SharePoint databases replicated for high availability.

  • 2 Windows Virtual Machines for Active Directory - Instance Size Small (1 core and 1.75 GB memory)
  • 2 SQL Server VMs - Instance Size A6 (4 cores and 28 GB memory)
  • 1 Windows VM for Quorum - Small Instance Size (1 core and 1.75 GB memory)
  • 2 SharePoint Application Servers - Instance Size Large (4 cores and 7 GB memory)
  • 2 SharePoint Web Servers - Instance Size Large (4 cores and 7 GB memory)

Default instance sizes can be adjusted by modifying the configuration files in the \Config\Template directory.

Virtual Network

Both templates create a Windows Azure Virtual Network. You must customize the base configuration files to use an existing virtual network (see notes at the bottom of this page).

Release and Support Status

The scripts are provided as samples and are not officially supported by Windows Azure support. We are very interested in feedback so please report issues through the GitHub repo.

Configuring your environment.

Step 1: Download the Latest Windows Azure PowerShell Cmdlets

Step 2: [Download the zip file containing all of the PowerShell Sample Scripts](https://github.com/WindowsAzure/azure-sdk-tools-samples/archive/master.zip)

Step 3: Launch PowerShell or PowerShell_ISE elevated
Run the following PowerShell commands to configure PowerShell to work with Azure, or copy them into the top of master-deployment-script.ps1.

Set-ExecutionPolicy ByPass #For more info see step 5 below
Enable-PSRemoting #For more info see step 6 below
Enable-WSManCredSSP -role client -delegatecomputer "*.cloudapp.net" #For more info see step 7 below
$regKey = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain"
Set-ItemProperty $regKey -Name WSMan -Value "WSMAN/*.cloudapp.net" #For more info see step 8 below
Get-AzureSubscription -ExtendedDetails #For more info see step 9 below

Step 4: [Prepare your PowerShell Environment for Windows Azure](http://msdn.microsoft.com/en-us/library/windowsazure/jj554332.aspx)

Step 5: Enable the ByPass PowerShell execution policy by running Set-ExecutionPolicy ByPass. This will allow the downloaded scripts to run without individually prompting you.

Click here for more information on Set-ExecutionPolicy

Step 6: Enable PowerShell Remoting by executing the following command.
Enable-PSRemoting

Note:

  • This command will fail if your client machine is connected to any networks defined as "Public network" in "Network and Sharing Center."

Step 7: Enable CredSSP on your client machine for delegation before executing any scripts.
Enable-WSManCredSSP -role client -delegatecomputer "*.cloudapp.net"

Note:

  • This command will fail if your client machine is connected to any networks defined as "Public network" in "Network and Sharing Center."
  • This command will fail if PowerShell remoting has not previously been enabled
    Enable-PSRemoting

For more details on enabling CredSSP:

Step 8: Enable Delegating Credentials
a. PowerShell
$regKey = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain"
Set-ItemProperty $regKey -Name WSMan -Value "WSMAN/*.cloudapp.net"

b. Group Policy Editor
Run GPEdit.msc. You must also enable delegation of fresh credentials using the Group Policy Editor on your client machine. Go to Computer Configuration -> Administrative Templates -> System -> Credentials Delegation and change the state of "Allow Delegating Fresh Credentials with NTLM-only server authentication" to "Enabled." Its default state is "Not configured."

In the Add Servers section, add the following.

  • WSMAN/*.cloudapp.net

Step 9: Ensure your subscription has enough cores to create the VMs. Instance sizes for each VM tier can be specified in the \config files. Your subscription quota information can be obtained by calling Get-AzureSubscription -ExtendedDetails.
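
Steps 5 to 8 change the workstation machine-wide and persistently, and the *.cloudapp.net wildcard allows credential delegation to any Azure cloud service, not only your own. The script below is an added example (not part of the project's scripts) that applies the same settings scoped to a single cloud service name and to the current process, then disables client-side CredSSP and restores the registry value once the deployment ends. It assumes an elevated session that also runs the deployment; the service name and script path are placeholders.

```powershell
# Added example, not from the project's scripts. Run elevated, in the same
# session that runs the deployment.
$ServiceName  = 'my-sp-farm'                       # placeholder cloud service name
$DeployScript = '.\master-deployment-script.ps1'   # assumed path to the script
$target = "$ServiceName.cloudapp.net"
$regKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain'

function Get-DelegationState {
    # Snapshot the settings Steps 5-8 touch and flag wildcard targets.
    $value   = (Get-ItemProperty -Path $regKey -Name WSMan -ErrorAction SilentlyContinue).WSMan
    $credSsp = (Get-WSManCredSSP) -join ' '
    [pscustomobject]@{
        MachinePolicy = Get-ExecutionPolicy -Scope LocalMachine
        ProcessPolicy = Get-ExecutionPolicy -Scope Process
        CredSsp       = $credSsp
        PolicyDefault = $value
        HasWildcard   = ("$credSsp $value" -match '\*')
    }
}

function Enable-ScopedDelegation {
    # Bypass for this process only; delegate to the one named service only.
    Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
    Enable-WSManCredSSP -Role Client -DelegateComputer $target -Force | Out-Null
    $old = (Get-ItemProperty -Path $regKey -Name WSMan -ErrorAction SilentlyContinue).WSMan
    Set-ItemProperty -Path $regKey -Name WSMan -Value "WSMAN/$target"
    $old   # returned so the caller can restore it
}

function Disable-ScopedDelegation {
    param([string]$PreviousValue)
    # Turn client-side CredSSP off and put the registry value back as it was.
    Disable-WSManCredSSP -Role Client
    if ($PreviousValue) {
        Set-ItemProperty -Path $regKey -Name WSMan -Value $PreviousValue
    } else {
        Remove-ItemProperty -Path $regKey -Name WSMan -ErrorAction SilentlyContinue
    }
}

Get-DelegationState | Format-List              # state before the deployment
$previous = Enable-ScopedDelegation
try {
    # The -ServiceName set inside the deployment script must match $ServiceName.
    if (Test-Path $DeployScript) { & $DeployScript }
} finally {
    Disable-ScopedDelegation -PreviousValue $previous
    Get-DelegationState | Format-List          # state after cleanup
}
```

If the tiers use separate cloud service names, each name needs its own delegation entry, as the notes on Cloud Service Names at the end of this page describe.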

Using the master-deployment-script.ps1 file to deploy a SharePoint environment.

The script master-deployment-script.ps1 will provision a tier for Active Directory, SQL Server and SharePoint based on the configuration template you specify in the script.

  • Template: HighlyAvailable - 9 VMs (2 AD, 3 for SQL and 4 for SharePoint)
  • Template: SingleVMs - 3 VMs (1 AD, 1 for SQL and 1 for SharePoint)

The AutoConfigure method called within the script takes several parameters that allow you to customize the environment.

  • -TemplateName - Required - (SingleVMs or HighlyAvailable)
  • -Location - Required - Data center location to create VMs and Virtual Network. This must be the same location as the storage account if specified. (Get-AzureLocation | Select DisplayName)
  • -ServiceName - Optional - Cloud Service name for VMs. Will be created; if not specified, a name is generated automatically.
  • -ScriptFolder - Path to configuration files
  • -SubscriptionName - Optional - Name of your subscription as configured in PowerShell. Uses Get-AzureSubscription -Current if not specified.
  • -StorageAccountName - Optional - Name of the storage account to use. One is created if not specified. Must be in the same location as -Location.
  • -adminAccount - Optional - User name that will be created for the deployment (AD and Local account will be created) - Default Value: spadmin
  • -adminPassword - Optional - Password for service accounts for AD/SQL/SharePoint - randomly created if not specified. To discover the generated passwords review the -AutoGen.xml files in the \Config\Template directory.
  • -appPoolAccount - Optional - user name that will be created for the SharePoint App Pools - default spfarm
  • -appPoolPassword - Optional - password for app pool identity - default is the admin password
  • -domain - Optional - netbios domain name of the Active Directory domain to be created. Default Value: corp
  • -dnsDomain - Optional - FQDN of the Active Directory domain to be created. Default Value: corp.contoso.com
  • -configOnly - Optional - Only generates the configuration files but does not create the virtual machines. Note: will also create the storage account if an existing storage account is not specified.
  • -doNotShowCreds - Optional - Use if you do not want the credentials displayed at the end of the script.

Ensure your subscription is correctly set by running:

  • Get-AzureSubscription -Current

Ensure you have enough cores available in your subscription:

  • Get-AzureSubscription -ExtendedDetails

Ensure your machine will not power off during the deployment.

Open the master-deployment-script.ps1 in PowerShell_ISE or your favorite editor and set desired parameters.

Note: It is recommended to use either ISE or another PowerShell execution environment with a large console history. The scripts can output a lot of information, and unless the console buffer is made much bigger, output useful for troubleshooting could be lost.

Notes on Deploying to an Existing Virtual Network (Skip to allow the VNET to be automatically created)
The scripts will by default create a new virtual network named SPVNet and a new AffinityGroup named SPVNet-AG into whatever location you specify. If you would like to deploy to an existing virtual network you must update the following in each XML configuration file before running.

  • AD-Sample.xml - VNETName should reference the existing VNET Name
  • AD-Sample.xml - AffinityGroup should reference the Affinity Group that the current VNET is deployed to.
  • AD-Sample.xml - ActiveDirectory -> CreateVNET should be false
  • AD-Sample.xml - AzureVMGroups -> VMRole -> SubnetNames should reference subnets out of the existing VNET.

Note: The AD scripts will register each new DC automatically as a DNS server. There should not be existing DNS Servers on the VNET.

  • SQL-Sample.xml - VNETName should reference the existing VNET Name

  • SQL-Sample.xml - AffinityGroup should reference the Affinity Group that the current VNET is deployed to.

  • SQL-Sample.xml - ActiveDirectory -> CreateVNET should be false

  • SQL-Sample.xml - AzureVMGroups -> VMRole -> SubnetNames should reference subnets out of the existing VNET.

  • SharePoint-Sample.xml - VNETName should reference the existing VNET Name

  • SharePoint-Sample.xml - AffinityGroup should reference the Affinity Group that the current VNET is deployed to.

  • SharePoint-Sample.xml - ActiveDirectory -> CreateVNET should be false

  • SharePoint-Sample.xml - AzureVMGroups -> VMRole -> SubnetNames should reference subnets out of the existing VNET.

Execute the Script (F5 in PowerShell_ISE)

Using the Stand Alone Scripts

Each application tier will have a master script to provision it:

  • \AD\ProvisionAD.ps1
  • \SQL\ProvisionSQL.ps1
  • \SharePoint\ProvisionSharePoint.ps1

To execute the master script just supply a completed configuration file path to it as a parameter.

& "\pathToScripts\AutomatedDeployment\AD\ProvisionAD.ps1" -configFilePath "\pathToScripts\AutomatedDeployment\Config\SingleVMs\AD-Sample.xml"

Configuration File Placeholder Descriptions

AD-Sample.xml

  • {SUBSCRIPTION NAME}

    • Subscription name configured for PowerShell.
    • Retrieve with: Get-AzureSubscription | SELECT SubscriptionName
  • {CLOUD SERVICE NAME}

    • Unique DNS Name for Your AD Virtual Machines.
    • Will be created if it does not exist.
    • Use Test-AzureName -ServiceName (True: exists, False: does not)
  • {STORAGE ACCOUNT}

    • Note: Storage Account must already exist and be in the same data center as the location attribute specified in the configuration.
    • Retrieve with: Get-AzureStorageAccount | SELECT StorageAccountName
  • {LOCATION}

    • Data center location to create VMs and Virtual Network.
    • Retrieve with: Get-AzureLocation | SELECT DISPLAYNAME
  • {PASSWORD}

    • Password for domain and local administrative accounts
  • {WINDOWS SERVER 2012 IMAGE NAME}

    • Retrieve with: Get-AzureVMImage | SELECT ImageName
  • {ADMIN ACCOUNT}

    • The local administrator account for the VM. A domain account with the same name and password will be created and used for provisioning.

SQL-Sample.xml

  • {SUBSCRIPTION NAME}

    • Subscription name configured for PowerShell.
    • Retrieve with: Get-AzureSubscription | SELECT SubscriptionName
  • {CLOUD SERVICE NAME}

    • DNS Name for Your SQL Virtual Machines (can use AD Cloud Service Name)
    • Will be created if it does not exist.
    • Use Test-AzureName -ServiceName (True: exists, False: does not)
  • {STORAGE ACCOUNT}

    • Note: Storage Account must already exist and be in the same data center as the location attribute specified in the configuration.
    • Retrieve with: Get-AzureStorageAccount | SELECT StorageAccountName
  • {PASSWORD}

    • Password for domain and local administrative accounts. Should be consistent across configuration files.
  • {SQL SERVER 2012 IMAGE NAME}

    • Retrieve with: Get-AzureVMImage | SELECT ImageName
  • {WINDOWS SERVER 2008 R2 IMAGE NAME}

    • (HA Only) The image name to create the cluster quorum on. This must be the same base Windows as the SQL Servers.
  • {AD CLOUD SERVICE NAME}

    • Cloud Service Name where your Active Directory Virtual Machine(s) are already deployed.
    • This resource must already exist.
  • {ADMIN ACCOUNT}

    • The local administrator account for the VM.
  • {DOMAIN ADMIN ACCOUNT}

    • The domain administrator account to use when connecting to AD. Will be used to domain join VMs, and optionally create service accounts if specified in the configuration and they do not exist.
  • {SQL ADMIN ACCOUNT}

    • The SQL Account that will be used for access to the SQL VMs. Note: This account can have the same name as the Local Admin account and will be automatically created for you.

SharePoint-Sample.xml

  • {SUBSCRIPTION NAME}

    • Subscription name configured for PowerShell.
    • Retrieve with: Get-AzureSubscription | SELECT SubscriptionName
  • {STORAGE ACCOUNT}

    • Note: Storage Account must already exist and be in the same data center as the location attribute specified in the configuration.
    • Retrieve with: Get-AzureStorageAccount | SELECT StorageAccountName
  • {PASSWORD}

    • Password for domain and local administrative accounts. Should be consistent across configuration files.
  • {CLOUD SERVICE NAME}

    • DNS Name for Your SharePoint Virtual Machines (can use AD/SQL Cloud Service Name)
    • Will be created if it does not exist.
    • Use Test-AzureName -ServiceName (True: exists, False: does not)
  • {SHAREPOINT 2013 IMAGE NAME}

    • Retrieve with: Get-AzureVMImage | SELECT ImageName
  • {AD CLOUD SERVICE NAME}

    • Cloud Service Name where your Active Directory Virtual Machine(s) are.
  • {DOMAIN}

    • The NETBIOS Domain Name (corp) if your full Active Directory domain is corp.contoso.com
  • {DNS DOMAIN}

    • The FQDN Name of the Active Directory Domain (corp.contoso.com)
  • {SQL CLOUD SERVICE NAME}

    • Cloud Service Name where your SQL Server Virtual Machine(s) are.
  • {SHAREPOINT APP URL}

    • The URL for your SharePoint application. This will likely be {CLOUD SERVICE NAME}.cloudapp.net (replace {CLOUD SERVICE NAME} with the name of your cloud service).
  • {ADMIN ACCOUNT}

    • The local administrator account for the VM.
  • {DOMAIN ADMIN ACCOUNT}

    • The domain administrator account to use when connecting to AD. Will be used to domain join VMs, and optionally create service accounts if specified in the configuration and they do not exist.
  • {DOMAIN\APP POOL ACCOUNT}

    • The domain account that will be specified for the SharePoint Web Application(s) application pool. This account will be created for you in Active Directory.

Notes on Cloud Service Names

Cloud Services act as containers for virtual machines and can provide a networking and security boundary. With these scripts you can use a single Cloud Service Name for all of your virtual machines or a separate Cloud Service Name for each tier.
If you use multiple Cloud Service Names in the same script, you must enable CredSSP on EACH Cloud Service Name or use a wsman/*.cloudapp.net wildcard.

Output from Deployment Scripts

  • A blank publishing site is created and should be available on port 80
  • SharePoint Central Admin Site on port 20000