3. About Spencer Harbar
Microsoft Certified Solutions Master | SharePoint
Microsoft Certified Architect | SharePoint 2010
Microsoft Certified Solutions Master | SharePoint Instructor & Author
Microsoft Certified Master | SharePoint 2010
Microsoft Certified Master | SharePoint 2007
Most Valuable Professional | SharePoint Server
SharePoint Patterns & Practices Advisory Board Member
Works with Microsoft’s largest enterprise customers
Works with SharePoint Product Group on Readiness
Author for MSDN & TechNet
4. Agenda
•Introduction to Workflow Manager
•Workflow Manager high level architecture
•Topology options
•Installation and configuration
•Business continuity management
6. What is Workflow Manager?
•Formerly Azure Workflow Server/Services (AWS)
•Same “code base” as Windows Azure Service Bus
•Windows Workflow Foundation
•Scalable and reliable workflow engine
•REST based
•Multi-tenant capable
7. Comparing 2010 and 2013 Workflows
•SharePoint 2010
–Legacy approach
–Primarily for backwards compatibility (e.g. upgrade)
–Tightly coupled to SharePoint Servers
–In Process
–Declarative or custom code
–Available both in SharePoint Foundation and SharePoint Server
•SharePoint 2013
–Present and Future
–Decoupled from SharePoint, and supporting other consuming platforms
–Declarative only
–On Premises or Cloud
–Consistent with .NET Framework Workflow
–Much more capable
–App friendly
–Available in SharePoint Server only
9. Architecture Overview
[Architecture diagram. Labels: SharePoint; Content; Events; Sharing; People; 2010 Workflow; _API (REST OM); Access Control; OAuth; Service Bus; Workflow Manager; Workflow Service Application Proxy; Workflow Services Manager (Instances, Interop, Deployment, Messaging); Workflow Client]
10. Workflow Manager – Front End / Back End
•Resource Management Services
•Workflow and Activity CRUD operations
•Instance Management Services
•Instance queries
•Application Events and Control Messages
•Workflow Host
•Service Bus
12. Workflow Manager Client
•Microsoft.Workflow.Client.dll
•Manage workflows (“definitions”), monitor, initiate, and communicate with instances
•Required on all SharePoint servers
–Handles communication with Workflow Manager
13. Workflow Service Application Proxy
•SharePoint construct
•Registered with PowerShell
•Broker for all calls to Workflow Manager
•Dependent upon Workflow Manager Client
14. Workflow Services Manager
•API for managing, monitoring and interacting with workflows –CSOM, JSOM, REST
–Instances: Access to running instances, including sending messages
–Deployment: Saving/publishing/changing workflow definitions, validating XAML, etc.
–Messaging: Handles how messages are sent from SharePoint to Workflow Manager
–Interop: Interaction with 2010 workflow
15. Messaging
•Inbound notifications
–Start/stop workflow
–Events
–Management
–One-way only
•Outbound work
–REST/Web service calls
–Workflow Back-End destination
–GET, PUT, POST, DELETE, MERGE
•Outbound notifications
–RegisterInterest
–Confirmation
[Diagram labels: Message, Workflow Manager, Message, Notification]
17. Topologies
•One or three servers
–NOT two, NOT four, NOT six, NOT eight….
–Service Bus and quorum implementation
•Each component must run on each server
–Workflow Manager and Service Bus
•There are NO other supported topologies
–A farm of two (or four, six etc) can of course be built, but it is NOT supported
–And more importantly, it won’t provide high availability
18. Topologies: co-located
•Running Workflow Manager on adequately resourced Web Servers in the SharePoint farm
–Carefully factor this into your overall farm topology design
[Diagram: Workflow Manager shown three times]
21. Planning for performance and throughput
•Consider scale upfront
–Workflow expands rapidly
–New platform enables high scale but you need a plan!
•Regularly occurring large loads
–Examples include expense reports, timesheets etc. at end of financial period
•Common gotcha: Network Interface configuration
–Between SharePoint and Workflow Farms
–Between Workflow farms and external systems
22. Scaling out
•Multi-server farm
–Workload automatically distributed
–Load balancer for client interaction/REST calls
–Workflow Manager: Maximum of three servers
•Factors
–CPU – Workflow Manager, Service Bus, SQL
–I/O – SQL
–Network throughput & latency
•Scale SQL Server first
–Likely to be the first bottleneck
–Server distribution – Workflow Manager and Service Bus databases on different database servers
–SQL optimization (file I/O, sizing, etc.)
–However keep it practical (!)
24. Hardware and Software Requirements
•Hardware
–Minimum RAM: 2Gb
–Minimum CPU: 2 GHz Dual Core
–Minimum Disk: 1Gb Free
•Operating System
–Windows Server 2008 R2 Service Pack 1 (x64)
–Windows Server 2012 (x64)
–Development purposes only:
•Windows 7 Service Pack 1 (x64)
•Windows 8 (x64)
25. Software Pre-requisites
•.NET Framework 4 Platform Update 3 or .NET Framework 4.5
•PowerShell 3.0
•Service Bus 1.0
•Workflow Client 1.0
•Installed using Web Platform Installer (WebPI)
–Download can be “cached” and performed offline
26. SQL Server Requirements
•Versions and Editions
–SQL Server 2012 (or Express)
–SQL Server 2008 R2 SP1 (or Express)
•Configurations
–Collation: Default, SP, Binary
–Clustering
–Mirroring
–AlwaysOn
•Security
–Windows authentication
–SQL Server Authentication
27. Environment Requirements
•SQL Server connectivity
–TCP/IP
•SQL Browser service running on SQL Server
•Whilst stated, this is NOT actually a requirement!
–Named Pipes
•SQL Server machine name < 16 characters (NetBIOS restriction)
•Firewall
–Ports 1443, 12290 and 12291 available (default)
–Windows Firewall automatically configured if selected (default) during Workflow Manager Farm creation
–Strongly recommended to use the default ports
28. User Requirements
•Configuration user
–The account used when configuring Workflow Manager
–Similar to the SharePoint “Setup User”
–Local Admin on servers
–DBCreator and SecurityAdmin (or pre-create)
–Also called “Logged In user” or “Current user” in some documentation
•RunAs user
–Service Account Identity
–Used for Workflow Manager & Service Bus services
–Can be a separate account for each
–Built-In accounts NOT supported
–Fully qualified UPN format (user@domain.com) – this is NOT strictly required
–Granted Log on as a Service right during configuration
•Don’t use the same account for both!
29. Service Account Password Changes: Workflow Manager and Service Bus
•If Service Accounts are expired by policy:
–Using the Configuration Account, or other Workflow Manager and Service Bus Administrator account
–
•Watch out! MSDN refers to interactively logging in as the service account!
–msdn.microsoft.com/en-us/library/windowsazure/jj193456(v=azure.10).aspx
–msdn.microsoft.com/en-us/library/windowsazure/jj193007(v=azure.10).aspx
30. SharePoint 2013 Requirements
•Interaction between SharePoint and Workflow Manager farms is OAuth2. Therefore requires:
–App Management Service Instance and Service Application
–User Profile Service Instance and Service Application
–Users must be populated in the Profile store
•and have valid User Principal Name (UPN)
•Workflow Manager validates users by UserPrincipalName (UPN)
–Ensures they have rights to start instances
•If not, instance cancelled
•One of the reasons 2013 Workflows are not available in SharePoint Foundation
31. Certificates
•OAuth2 should always be SSL
–Therefore the Workflow Manager Farm should use SSL
–Don’t forget the SharePoint side!
•Service Bus
–Farm Certificate
–Encryption Certificate
•Workflow Manager
–Services SSL Certificate
–Encryption Certificate
–Outbound Signing Certificate
32. Certificates - Choices
•Auto Generated
–Suitable for most deployments
–Provide Generation Key
–Required for every server to join Workflow Manager Farm
•Record this value!
–Configuration takes care of copying them/creating them
•Use existing (Domain CA Issued)
–Must be in the Local Machine\Personal certificate store for all computers in farm
–Administrator’s responsibility to create them and copy them to each machine in the farm(s)
–Multi server farms must include a Subject Alternative Name for the DNS domain, e.g. *.fabrikam.com
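One way to check the "use existing" requirements above before joining servers to the farm (an added example, not from the original deck). The host names are constructed placeholders, and PowerShell remoting plus an English-language OS are assumed.

```powershell
# Added example, not from the original deck. Host names are constructed
# placeholders; the wildcard name is the example used on the slide.
$FarmHosts = 'wfm1', 'wfm2', 'wfm3'
$DnsDomain = '*.fabrikam.com'

# Read every certificate in Local Machine\Personal on each farm server.
# Assumes PowerShell remoting is enabled and an English OS (the SAN
# extension is then formatted as "DNS Name=...").
$found = Invoke-Command -ComputerName $FarmHosts -ArgumentList $DnsDomain -ScriptBlock {
    param($DnsDomain)
    $pattern = [regex]::Escape("DNS Name=$DnsDomain") + '(,|$)'
    Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
        # 2.5.29.17 is the Subject Alternative Name extension
        $san = $_.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $sanText = if ($san) { $san.Format($false) } else { '' }
        New-Object PSObject -Property @{
            Thumbprint    = $_.Thumbprint
            Subject       = $_.Subject
            NotAfter      = $_.NotAfter
            HasPrivateKey = $_.HasPrivateKey
            HasDomainSan  = ($sanText -match $pattern)
        }
    }
}

# A usable farm certificate carries the domain SAN, has a private key, is
# unexpired, and is present (same thumbprint) on every server in the farm.
$found | Where-Object { $_.HasDomainSan } | Group-Object Thumbprint | ForEach-Object {
    $onHosts = @($_.Group | ForEach-Object { $_.PSComputerName } | Sort-Object -Unique)
    $missing = @($FarmHosts | Where-Object { $onHosts -notcontains $_ })
    $noKey   = @($_.Group | Where-Object { -not $_.HasPrivateKey } |
                 ForEach-Object { $_.PSComputerName })
    [pscustomobject]@{
        Thumbprint     = $_.Name
        Subject        = $_.Group[0].Subject
        Expired        = $_.Group[0].NotAfter -lt (Get-Date)
        MissingOnHosts = $missing -join ', '
        NoPrivateKeyOn = $noKey -join ', '
    }
}
```

A certificate is a candidate only when `Expired` is False and both `MissingOnHosts` and `NoPrivateKeyOn` are empty.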
33. Installation
•Install and configure SharePoint farm
–Including Workflow Manager Client on every server
•Install and configure Workflow Manager farm
–Logged in as Configuration Account
–Web Platform Installer http://bit.ly/WebPIWM
34. Offline Install
•On an Internet connected machine:
–Download and install WebPICmd.exe http://bit.ly/WebPIv4
–From an Administrator Command prompt:
•webpicmd /offline /Products:WorkflowManager /Path:c:\OfflineWorkflow
–Will download Workflow Manager and its pre-reqs to the specified folder
•Copy contents to intended Workflow Manager server
•On Workflow Manager Server(s):
–From an Administrator Command Prompt:
–WebpiCmd.exe /Install /Products:WorkflowManager /XML:c:\offlineWorkFlow\feeds\latest\webproductlist.xml
–To install Workflow Client (on SharePoint Servers):
–WebpiCmd.exe /Install /Products:WorkflowClient /XML:c:\offlineWorkFlow\feeds\latest\webproductlist.xml
35. Leaving a Farm
•Rename a Server
–Remove from Farm
–Rename Server
–Join back to Farm
•Reduce Farm to one Server
–Remove all machines (keep databases)
–Join existing farm from existing machine
36. Connecting to SharePoint
•MSMQ Configuration
–Optional Configuration
–Enables Asynchronous Event Messaging
–Supports disconnected scenarios (e.g. maintenance windows in large environments)
–Enable MSMQ on SharePoint Servers
–In this case, Workflow Manager can NOT be co-located with SharePoint
•PowerShell
# Allow SharePoint to queue workflow event messages (requires MSMQ on the SharePoint servers)
$proxy = Get-SPWorkflowServiceApplicationProxy
$proxy.AllowQueue = $true
$proxy.Update()
37. Validating install and configuration
•Get-SBFarmStatus & Get-WFFarmStatus
–Will report on Windows Services state and http(s) availability
–Windows Services:
•Workflow Manager Backend
•Service Bus Message Broker <-will often take a while to start
•Service Bus Gateway
•Windows Fabric Host Service
•SharePoint
–SharePoint Service Application Proxy
–SharePoint Designer Platform Type
–But neither validates that it’s actually working!
–The ONLY way to properly test is to create, publish and execute a 2013 Workflow!
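A complementary check of the Windows services listed above against the account rules from the User Requirements slide (an added example, not from the original deck). Host names and the configuration account are constructed placeholders, and applying the identity rules only to the services whose names begin with Workflow Manager or Service Bus is an assumption made here. It reports service state and identity only, so publishing and running a 2013 workflow remains the real test.

```powershell
# Added example, not from the original deck. Host names and the configuration
# account are constructed placeholders; replace them with your own.
$FarmHosts     = 'wfm1', 'wfm2', 'wfm3'
$ConfigAccount = 'FABRIKAM\wfsetup', 'wfsetup@fabrikam.com'   # both name forms
# Windows service display names exactly as listed on the slide above
$Expected = 'Workflow Manager Backend', 'Service Bus Message Broker',
            'Service Bus Gateway', 'Windows Fabric Host Service'
$BuiltIn  = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'

# Topology rule from the deck: one or three servers only
if ($FarmHosts.Count -notin 1, 3) {
    Write-Warning "Farm has $($FarmHosts.Count) servers; only one or three are supported."
}

# Get-CimInstance needs PowerShell 3.0 and WinRM access to each host
$services = Get-CimInstance -ClassName Win32_Service -ComputerName $FarmHosts |
    Where-Object { $Expected -contains $_.DisplayName }

foreach ($h in $FarmHosts) {
    foreach ($name in $Expected) {
        $svc = $services |
            Where-Object { $_.PSComputerName -eq $h -and $_.DisplayName -eq $name }
        $issues = @()
        if (-not $svc) {
            $issues += 'service not installed'
        } else {
            if ($svc.State -ne 'Running') { $issues += "state is $($svc.State)" }
            # Identity rules are applied to the Workflow Manager and Service Bus
            # services, which the deck says use the RunAs account (assumption:
            # the Windows Fabric Host Service is reported but not judged)
            if ($name -like 'Workflow Manager*' -or $name -like 'Service Bus*') {
                if ($BuiltIn -contains $svc.StartName) {
                    $issues += 'runs as a built-in account'
                }
                if ($ConfigAccount -contains $svc.StartName) {
                    $issues += 'runs as the configuration account'
                }
            }
        }
        [pscustomobject]@{
            Host = $h; Service = $name; RunAs = $svc.StartName
            Issues = $issues -join '; '
        }
    }
}
```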
42. Disaster Recovery overview
•Recovery
–Database restore
–Point-in-Time (temporally similar)
•Databases
–Workflow and Service Bus Farm Management DBs not required
•Full farm or individual tenant (scope)
43. DR preparations – data tier
•Standard SQL techniques
–Mirroring
–Log Shipping
–Availability Groups
•Use standard SQL Backup and restore
–Service Bus and Workflow Manager have the required cmdlets
44. DR preparations – compute tier
•Cold Standby
–Create a new farm using SQL Backups, or replicated data, and scripts
•Warm Standby
–Secondary farm, with compute nodes turned off
–Use scripts to resume standby farm
•Hot Standby
–Not supported
45. Disaster Recovery Requirements
•Symmetric Key
–Keep it in a safe place
–Without it you will NOT be able to restore
•Note time of “disruption”
–The approximate time is required to replay some operations
•Databases
–All Service Bus and Workflow databases, except the two Management databases, are required for a full Workflow Manager restore operation
46. DR Scenarios 1/2
•Loss of one or more Workflow/Service Bus databases
–Uninstall Workflow Manager
–Reinstall Workflow Manager
–Restore Database Backups
–Use the Service Bus/Workflow Restore Process and then scale-out
•Loss of entire Workflow farm
–Restore databases
–Rebuild farm and use the Restore Process and then scale-out
47. DR Scenarios 2/2
•Loss of a WF/SB server
–Install Workflow Manager on a new server
–Drop the Management Databases, use the Restore Process and then scale-out
–or
–Remove the old WF/SB Server and join a new one
•Loss of a Workflow Scope
–Restore Backup (do not overwrite)
–Use the Restore-WFScope cmdlet
48. Full Restore Process
•Restore Service Bus Farm
–Creates new SB Management database
–Use the same ports and configuration
–Use the Install account
•Restore Service Bus Gateway
•Restore Service Bus Message Container
–Specify the Id of the container
•Add Service Bus host to machine
•Configure Service Bus Namespace
–Using the original Symmetric key
49. Full Restore Process (cont.)
•Restore Workflow Farm
–Creates a new Management database
–Specify the time of disruption, used for consistency checks
–Verification log (relative path) contains warnings about “suspect” inflight workflows
•Add Workflow host to machine
•On host 2 and 3
–Add the Service Bus Host
–Add the Workflow Host
50. Applying Updates
•Co-ordinating updates between SharePoint and Workflow Manager
–After applying updates, you should rerun Register-SPWorkflowService with the -Force switch.
–Adds a new deployment group
–Republishes any updated SharePoint activities (in SharePoint update) to the Workflow Manager farm
52. Summary
•Understand the Workflow Manager architecture
•Configure and Deploy Workflow Manager
•Apply appropriate business continuity strategies for Workflow Manager
53. Workflow Manager Articles
•Core Concepts, High Availability, Certificate and SharePoint considerations http://www.harbar.net/articles/wfm1.aspx
•End to End Configuration using Auto Generated Certificates and NLB http://www.harbar.net/articles/wfm2.aspx
•Switching an existing farm to use Domain CA issued certificates http://www.harbar.net/articles/wfm3.aspx
•End to End Configuration using Domain CA issued certificates http://www.harbar.net/articles/wfm4.aspx
•Workflow Manager Disaster Recovery – Preparations http://www.wictorwilen.se/workflow-manager-disaster-recovery-–-preparations