In this hands-on lab you will learn how to create a SharePoint farm, connected with Active Directory and SQL Server.
In this hands-on lab, you will learn how to:
- Use the Windows Azure Portal to create a SharePoint Image.
- Connect two virtual machines to the same cloud service for network connectivity.
- Create and Configure SharePoint Server Farm.
The following is required to complete this hands-on lab:
- Complete the Deploying Active Directory HOL
- Complete the Deploying SQL Server for SharePoint HOL
- Windows Azure PowerShell CmdLets
- A Windows Azure subscription - sign up for a free trial
In order to complete this lab, you will need your subscription’s secure credentials. Windows Azure lets you download a Publish Settings file with all the information required to manage your account in your development environment.
Note: If you have done these steps in a previous lab on the same computer you can move on to Exercise 1.
In this task, you will log on to the Windows Azure Portal and download the publish-settings file. This file contains the secure credentials and additional information about your Windows Azure Subscription that you will use in your development environment. Therefore, you will import this file using the Windows Azure Cmdlets in order to install the certificate and obtain the account information.
Open Internet Explorer and browse to https://windows.azure.com/download/publishprofile.aspx.
Sign in using the Microsoft Account associated with your Windows Azure account.
Save the publish-settings file to your local file system.
Downloading publish-settings file
Note: The download page shows you how to import the publish-settings file using the Visual Studio Publish box. This lab will show you how to import it using the Windows Azure PowerShell Cmdlets instead.
Search for Windows Azure PowerShell in the Start screen and choose Run as Administrator.
Change the PowerShell execution policy to RemoteSigned. When asked to confirm press Y and then Enter.
Note: The Set-ExecutionPolicy cmdlet enables you to determine which Windows PowerShell scripts (if any) will be allowed to run on your computer. Windows PowerShell has four different execution policies:
- Restricted - No scripts can be run. Windows PowerShell can be used only in interactive mode.
- AllSigned - Only scripts signed by a trusted publisher can be run.
- RemoteSigned - Downloaded scripts must be signed by a trusted publisher before they can be run.
- Unrestricted - No restrictions; all Windows PowerShell scripts can be run.
For more information about Execution Policies refer to this TechNet article: http://technet.microsoft.com/en-us/library/ee176961.aspx
The following script imports your publish-settings file and generates an XML file with your account information. You will use these values during the lab to manage your Windows Azure Subscription. Replace the placeholder with the path to your publish-settings file and execute the script.
Execute the following commands and take note of the Subscription name and the storage account name you will use for the exercise.
Get-AzureSubscription | select SubscriptionName
Get-AzureStorageAccount | select StorageAccountName
If the preceding commands do NOT return a storage account, you should create one first.
Run the following command to determine the data center to create your storage account in. Ensure you pick a data center that shows support for PersistentVMRole.
Create your storage account:
New-AzureStorageAccount -StorageAccountName '[YOUR-STORAGE-ACCOUNT]' -Location '[DC-LOCATION]'
Execute the following command to set your current storage account for your subscription.
Set-AzureSubscription -SubscriptionName '[YOUR-SUBSCRIPTION-NAME]' -CurrentStorageAccount '[YOUR-STORAGE-ACCOUNT]'
This hands-on lab includes the following exercises:
Estimated time to complete this lab: 50 minutes.
You will now create the SharePoint Server disk image required to run this hands-on lab.
Make sure you have this image created before starting with the lab.
In this task, you will create a SharePoint virtual machine from an image using PowerShell and join it to the domain you created in the Deploying Active Directory hands-on lab. You will later use this virtual machine to configure the SharePoint Farm.
Navigate to the Windows Azure Management Portal using a web browser, and sign in using your Microsoft account.
If you do not have the IP address of the Domain Controller Virtual Machine, navigate to the Windows Azure Portal using a web browser and sign in using the Microsoft Account associated with your Windows Azure account.
Go to Virtual Machines, select the virtual machine where you deployed Active Directory and select the Connect button at the bottom panel.
In the virtual machine, go to Start, type cmd and press ENTER.
Type ipconfig and press ENTER. Take note of the IPv4 address; you will use it later in this exercise.
Close the Remote Desktop connection.
Click NETWORKS in the left pane. Select the desired Virtual Network and copy its Affinity Group name. You will use this name later, to create the new Virtual Machine.
Open Windows Azure PowerShell from Start | All Programs | Windows Azure | Windows Azure PowerShell, right-click Windows Azure PowerShell and choose Run as Administrator.
Execute the following command to obtain the names of the available OS Disk images. Take note of the SharePoint image disk name you created in the Getting Started section of this lab.
Get-AzureVMImage | Select ImageName
Image Name list
Copy the SharePoint Image name and execute the following command to define the Operating System disk image name for the new Virtual Machine. In this case we are going to use c6e0f177abd8496e934234bd27f46c5d__SharePoint-2013-Trial-4-13-2013, but it may differ when running the lab.
$imgName = 'c6e0f177abd8496e934234bd27f46c5d__SharePoint-2013-Trial-4-13-2013'
Set up the virtual machine's DNS settings. To do this, you will use the Virtual Machine you created in the Deploying Active Directory HOL. Replace the placeholders before executing the following command. Use the IP address you noted at the beginning of the exercise.
$advmIP = '[AD-IP-ADDRESS]'
$advmName = '[AD-VM-NAME]'

# Point to IP Address of Domain Controller Created Earlier
$dns1 = New-AzureDns -Name $advmName -IPAddress $advmIP
Set up the two virtual machines' configuration settings to automatically join the domain in the provisioning process. Before executing the command, replace the placeholders with the administrator and domain passwords.
$vmName1 = 'spvm1'
$vmName2 = 'spvm2'
$adminUserName = '[ADMIN-USER-NAME]'
$adminPassword = '[YOUR-PASSWORD]'
$domainPassword = '[YOUR-PASSWORD]'
$domainUser = 'administrator'
$FQDomainName = 'contoso.com'
$subNet = 'Subnet-1'

# Configuring VM to Automatically Join Domain
$spvm1 = New-AzureVMConfig -Name $vmName1 -InstanceSize Small -ImageName $imgName |
    Add-AzureProvisioningConfig -WindowsDomain -AdminUserName $adminUserName -Password $adminPassword `
        -Domain 'contoso' -DomainPassword $domainPassword `
        -DomainUserName $domainUser -JoinDomain $FQDomainName |
    Set-AzureSubnet -SubnetNames $subNet

$spvm2 = New-AzureVMConfig -Name $vmName2 -InstanceSize Small -ImageName $imgName |
    Add-AzureProvisioningConfig -WindowsDomain -AdminUserName $adminUserName -Password $adminPassword `
        -Domain 'contoso' -DomainPassword $domainPassword `
        -DomainUserName $domainUser -JoinDomain $FQDomainName |
    Set-AzureSubnet -SubnetNames $subNet
Note: The previous command assumes that you used the proposed names for the Domain Name and the Subnets that are shown in the Deploying Active Directory hands-on lab. You may need to update the values if you used different names.
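The same two VM configurations built without writing the administrator and domain passwords into the script, as an added example that is not part of the original lab. It assumes the legacy Windows Azure cmdlets used above, whose -Password and -DomainPassword parameters take plain strings; New-DomainJoinedVMConfig is a hypothetical helper name, and $imgName is the image name set in the earlier step.

```powershell
# Added example (not from the original lab). New-DomainJoinedVMConfig is a
# hypothetical helper; it assumes the legacy Windows Azure cmdlets used in
# this lab, whose -Password / -DomainPassword parameters take plain strings.
function New-DomainJoinedVMConfig {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][string]$ImageName,
        [Parameter(Mandatory = $true)][pscredential]$AdminCredential,
        [Parameter(Mandatory = $true)][pscredential]$DomainCredential,
        [Parameter(Mandatory = $true)][string]$FQDomainName,
        [string]$SubnetName = 'Subnet-1'
    )

    # GetNetworkCredential() splits 'contoso\administrator' into Domain and UserName.
    $admin = $AdminCredential.GetNetworkCredential()
    $join  = $DomainCredential.GetNetworkCredential()

    # A UPN such as user@contoso.com leaves Domain empty, so -Domain would be blank.
    if ([string]::IsNullOrEmpty($join.Domain)) {
        throw 'Enter the domain account as DOMAIN\user, for example contoso\administrator.'
    }

    New-AzureVMConfig -Name $Name -InstanceSize Small -ImageName $ImageName |
        Add-AzureProvisioningConfig -WindowsDomain `
            -AdminUserName $admin.UserName -Password $admin.Password `
            -Domain $join.Domain -DomainUserName $join.UserName `
            -DomainPassword $join.Password -JoinDomain $FQDomainName |
        Set-AzureSubnet -SubnetNames $SubnetName
}

# Prompt once per account; the secrets never appear in the script file.
$adminCred  = Get-Credential -Message 'Local administrator account for the new VMs'
$domainCred = Get-Credential -Message 'Domain account used for the join (DOMAIN\user)'

# $imgName comes from the earlier step; VM names and domain are the lab's values.
$spvm1 = New-DomainJoinedVMConfig -Name 'spvm1' -ImageName $imgName `
    -AdminCredential $adminCred -DomainCredential $domainCred -FQDomainName 'contoso.com'
$spvm2 = New-DomainJoinedVMConfig -Name 'spvm2' -ImageName $imgName `
    -AdminCredential $adminCred -DomainCredential $domainCred -FQDomainName 'contoso.com'
```

The passwords are still passed to the cmdlets as plain strings in memory; what this avoids is saving them in a script file on disk.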
Create the two Virtual Machines using the Domain and DNS settings you defined in the previous steps. Replace the placeholder with a unique Service Name.
$serviceName = '[YOUR-SERVICE-NAME]'
$affinityGroup = 'adag'
$adVNET = 'domainvnet'

# New Azure VM with VNET and DNS settings
New-AzureVM -ServiceName $serviceName -AffinityGroup $affinityGroup `
    -VMs $spvm1, $spvm2 -DnsSettings $dns1 -VNetName $adVNET
Note: Make sure the location specified matches the location of the storage account you've configured in the Getting Started section. Also make sure that the service name is available to create the DNS name of the virtual machine.
Once the provisioning process finishes, connect to the virtual machine using Remote Desktop and verify that it was automatically joined to your existing domain. To do so, open Server Manager and verify that the machine is joined to the domain.
Virtual machine joined to the domain
In this task, you will configure the SharePoint virtual machine to create a SharePoint Farm.
If not already opened, navigate to the Windows Azure Management Portal using a web browser, and sign in using your Windows account.
In the Virtual Machines section, select the first SharePoint Virtual Machine ( spvm1 ) and click Connect to connect using Remote Desktop.
Open the SharePoint 2013 Products Configuration Wizard.
In the Welcome to SharePoint Products screen click next.
Note: If prompted that some services might restart during installation, click Yes. This second virtual machine will be used to create the SharePoint
In the Connect to a server farm page, select Create a new server farm option.
Create a new server farm
In the Specify Configuration Database Settings page, complete the fields with the following information and click Next.
Database Server: type the name of the computer where you installed SQL Server followed by .contoso.com
Database name: type the name for your SharePoint configuration database. The default name is SharePoint_Config.
Username: type the user name for the server farm account. Ensure that you type the user name in the format DOMAIN\user name. For testing purposes this can be the contoso\administrator account you created in the deploying Active Directory hands on lab.
Note: The server farm account is used to create and access your configuration database. It also acts as the application pool identity account for the SharePoint Central Administration application pool, and it is the account under which the Microsoft SharePoint Foundation Workflow Timer service runs. The SharePoint Products Configuration Wizard adds this account to the SQL Server Login accounts, the SQL Server dbcreator server role, and the SQL Server securityadmin server role. The user account that you specify as the service account must be a domain user account, but it does not need to be a member of any specific security group on your front-end Web servers or your database servers. We recommend that you follow the principle of least privilege and specify a user account that is not a member of the Administrators group on your front-end Web servers or your database servers.
Password: type the user’s password.
Configuration Database Settings
In the Specify Farm Security Settings page, type a phrase that meets the minimum requirements and click Next to continue.
Farm Security Settings
Note: A passphrase is similar to a password, but it is usually longer to enhance security.
In the Configure SharePoint Central Administration Web Application page, choose NTLM as Authentication provider and click Next.
Configure SharePoint Central Administration Web Application
Review your configuration settings and click Next. Once the configuration settings are applied click Finish.
Completing the SharePoint Products Configuration Wizard
Now, you will enable Anonymous Access in your SharePoint Server. To do this, open SharePoint Central Administration.
In the Central Administration section, under Application Management, click Manage web applications link.
SharePoint Central Administration
On the top bar, click the New button.
Web Application Management
In the Create New Web Application dialog box, make sure the port is set to 80 and enable Anonymous Access. Click OK to create the web application.
Create New Web Application
Click OK once the Web Application is created.
Select the web application recently created and click Authentication Providers, located in the Web Applications ribbon bar.
In the Authentication Providers dialog, click the Default link.
In the Edit Authentication dialog, locate the Anonymous Access section and select the Enable anonymous access check box.
Back in the Web Application Management page, in the Web Applications tab, click Anonymous Policy.
In the Anonymous Access Restrictions dialog, locate the Permissions section and select None - No Policy as Anonymous User Policy.
Anonymous Access Restrictions
In this task, you will configure the SharePoint virtual machine to connect to the SharePoint Farm.
Go back to the Windows Azure Portal and go to Virtual Machines section.
Select the second SharePoint virtual machine (spvm2) and click Connect to connect using Remote Desktop.
Open the SharePoint 2013 Products Configuration Wizard.
Follow the SharePoint Products Configuration Wizard. In the Connect to a server farm page, select Connect to an existing server farm option.
SharePoint Configuration Wizard
In the Specify Configuration Database Settings page, type the name of the SQL Server instance in the Database Server box and click Retrieve Database Names.
In the Database name list, select the Configuration database’s name and click Next.
In the Specify Farm Security Settings page, type the passphrase you set in the SharePoint Server Farm and click Next.
Complete the SharePoint Products Configuration Wizard. Once the wizard finishes, it will launch the Farm Configuration Wizard. You do not need to run this wizard; close it to continue.
In this task, you will verify that the SharePoint Server was correctly configured by creating a new SharePoint Site Collection.
If not already connected, connect to the first SharePoint virtual machine ( spvm1 ) using Remote Desktop Connection.
Open SharePoint 2013 Products Central Administrator.
Create a new Site Collection. To do this, click Create Site Collection link under Application Management section within Central Administration page.
Application Management - Create Site Collections
In the Create Site Collection page, type a Title and a Description for the site collection. In the Web Site Address section, select /sites/ from the dropdown list and enter SPFWebApp.
Create Site Collection
In the Template Selection section, switch to the Publishing tab and select the Publishing Portal template. Then complete the Primary and Secondary Site Collection Administrators; use contoso\[UserName], where UserName is the one you configured in the Deploying Active Directory HOL.
Create Site Collection
Leave the Quota Template with the default value and click OK to create the new Site Collection.
Once the Site Collection is ready, you will see a successfully created message. To test the site, click the URL shown.
Site Collection Created
If you are prompted for a user name and password, log on using a domain account (i.e. the one you used for the Primary Site Collection Administrator).
Once logged on, you will see a site like the following one.
Site’s Home Page
Once in the site, click the Set up Site Permissions link.
In the Permissions ribbon, click Anonymous Access.
Change settings to Entire Web Site and click OK.
Configuring anonymous access
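A read-only audit of the two anonymous-access settings this lab changes (the Enable anonymous access check box on the web application, and the site's Anonymous Access setting), added here as an example that is not part of the original lab. Get-AnonymousAccessReport is a hypothetical function name; run it in the SharePoint 2013 Management Shell on a farm server with an account that can read all site collections.

```powershell
# Added example (not from the original lab). Get-AnonymousAccessReport is a
# hypothetical name. It only reads settings; it changes nothing in the farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-AnonymousAccessReport {
    foreach ($wa in Get-SPWebApplication) {
        # Web application level: "Enable anonymous access" is stored per zone.
        foreach ($entry in $wa.IisSettings.GetEnumerator()) {
            [pscustomobject]@{
                Scope   = 'WebApplication'
                Url     = $wa.Url
                Zone    = "$($entry.Key)"
                Setting = if ($entry.Value.AllowAnonymous) { 'Allowed' } else { 'Off' }
            }
        }

        # Site level: AnonymousState is Disabled, Enabled (lists and libraries)
        # or On (entire web site, the value this lab selects).
        foreach ($site in Get-SPSite -WebApplication $wa -Limit All) {
            try {
                foreach ($web in $site.AllWebs) {
                    try {
                        [pscustomobject]@{
                            Scope   = 'Web'
                            Url     = $web.Url
                            Zone    = ''
                            Setting = "$($web.AnonymousState)"
                        }
                    }
                    finally { $web.Dispose() }
                }
            }
            finally { $site.Dispose() }
        }
    }
}

# Show only the places where unauthenticated users can reach content.
Get-AnonymousAccessReport |
    Where-Object { $_.Setting -in 'Allowed', 'Enabled', 'On' } |
    Format-Table -AutoSize
```

Running it before and after the lab shows exactly which web application zone and which site became reachable without authentication.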
Now, test the SharePoint Farm connecting to the second SharePoint Virtual Machine (spvm2). To do this, go back to the Windows Azure Portal and go to Virtual Machines section.
Select the second SharePoint virtual machine (spvm2) and click Connect to connect using Remote Desktop Connection.
Open SharePoint 2013 Products Central Administrator.
Click Application Management in the Central Administration page.
Under Site Collections, click the View all site collections link.
Select the site you created in the first SharePoint server (SPFWebApp), copy the site’s URL and paste it in an Internet Explorer browser inside the Virtual Machine. If the site is working properly, you will be able to log on and access the same home page you accessed from the first SharePoint server.
In the Windows Azure Portal click on the first virtual machine SPVM1 | Endpoints | Add Endpoint to open the endpoint create wizard.
In the Add endpoint to virtual machine page, select the Add Endpoint option and then click the right arrow to continue.
Adding an endpoint
In the Specify endpoint details page, enter webport in the name field, select the TCP protocol, and enter 80 in the public and private port fields. Finally, click the check to confirm the endpoint creation.
Creating a web endpoint
Once the web endpoint is created in the first virtual machine, you will access the second virtual machine and add a load balancing endpoint. Enter the second virtual machine dashboard, click Endpoints link, and click Add Endpoint button on the bottom bar to start the endpoint creation wizard.
In the Add endpoint to virtual machine page, select the Load-balance traffic on an existing endpoint option. Then, select the webport endpoint from the list and click the arrow to continue.
Add load balancing endpoint wizard
In the Specify endpoint details page, define the same settings as the previous endpoint. Enter a Name (e.g. webport) and a private port (e.g. 80). Click the check to create the load balancing endpoint.
Load balancing endpoint details
Wait until the endpoint is created, and the load balancing is enabled in both virtual machines.
To verify, select the endpoint in the list and click Edit endpoint.
Notice that both virtual machines are configured as load-balanced machines. If you open the first virtual machine and edit its web endpoint, it will show the same configuration.
Edit endpoint details
Enter SPVM1 dashboard and locate the quick glance section. Take note of the virtual machine DNS and IP.
Virtual machine IP load balancing
Now enter the SPVM2 dashboard and locate the quick glance section. Notice that both virtual machines have the same virtual IP address and URL. That means the load balancing is transparent for the user when a web site is retrieved. Internally, Windows Azure will redirect the traffic to either SPVM1 or SPVM2 hosts.
Virtual machine IP load balancing 2
Finally, start a new browser session and browse to the virtual machine URL. The URL should look like http://myservice.cloudapp.net/sites/SPFWebApp
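The portal checks above (both virtual machines on the same load-balanced webport endpoint) scripted as a read-only report, which also lists every other endpoint the cloud service exposes publicly. This is an added example, not part of the original lab; Get-EndpointExposureReport is a hypothetical function name and it assumes the legacy Windows Azure cmdlets used earlier in this lab.

```powershell
# Added example (not from the original lab). Get-EndpointExposureReport is a
# hypothetical name; it only reads the endpoint configuration.
function Get-EndpointExposureReport {
    param(
        [Parameter(Mandatory = $true)][string]$ServiceName,
        [string]$WebEndpointName = 'webport',   # endpoint name used in this lab
        [int]$WebPort = 80                      # public and private port used in this lab
    )

    # One row per public endpoint of every VM in the cloud service.
    $rows = @(foreach ($vm in Get-AzureVM -ServiceName $ServiceName) {
        foreach ($ep in ($vm | Get-AzureEndpoint)) {
            [pscustomobject]@{
                VM         = $vm.Name
                Endpoint   = $ep.Name
                Protocol   = $ep.Protocol
                PublicPort = $ep.Port
                LocalPort  = $ep.LocalPort
                LBSet      = $ep.LBSetName
                Vip        = $ep.Vip
            }
        }
    })

    $web    = @($rows | Where-Object { $_.Endpoint -eq $WebEndpointName })
    $lbSets = @($web | ForEach-Object { $_.LBSet } | Sort-Object -Unique)
    $vmCount = @($rows | ForEach-Object { $_.VM } | Sort-Object -Unique).Count

    [pscustomobject]@{
        # True when every VM has the web endpoint and all share one named LB set.
        WebLoadBalanced = ($vmCount -gt 0) -and ($web.Count -eq $vmCount) -and
                          ($lbSets.Count -eq 1) -and
                          (-not [string]::IsNullOrEmpty($lbSets[0]))
        # True when the web endpoint maps the expected port on both sides.
        WebPortsMatch   = @($web | Where-Object {
                              $_.PublicPort -ne $WebPort -or $_.LocalPort -ne $WebPort
                          }).Count -eq 0
        # Everything else reachable from the Internet, e.g. Remote Desktop endpoints.
        OtherPublic     = @($rows | Where-Object { $_.Endpoint -ne $WebEndpointName })
        AllEndpoints    = $rows
    }
}

$report = Get-EndpointExposureReport -ServiceName '[YOUR-SERVICE-NAME]'
$report | Select-Object WebLoadBalanced, WebPortsMatch
$report.OtherPublic | Format-Table -AutoSize
```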
In this hands-on lab you have learnt how to create a SharePoint farm, connected with Active Directory and SQL Server.