# IT:AD:Documentation:Implementation #

Developing software and chucking it over the fence is not enough. You have to write a document that allows the client's IT staff to install your software on hardware they will *not* allow you to access.

## Checklist ##

* Document Flow:
  * Traditional stuff
  * Staged Sign Off:
    * Hardware configuration
    * AD Identities
    * Certificate creation and installation
    * WebServer configuration
    * Db Server configuration
    * WebSite installation
    * Database installation
* List Prerequisites:
  * Operating System
    * eg: Windows Server 2008
  * Network
    * IP addresses of NIC cards
    * Inbound/outbound TCP ports opened, for Domain, on xxx.
  * Identities
    * Services:
      * IIS AppPool identity
        * Use LUsrMgr.msc to mark as service.
        * AD Group membership.
        * other.
  * Server Roles
    * eg: IIS Version: 7.5
    * eg: IIS 7 Management (sp?)
    * eg: IIS 6 Management Compatibility
    * eg: WebDeploy
    * eg: SqlServer version: 2008 R2
  * Certificates
    * eg: SSL
      * Creation requirements
      * Installation process
    * eg: Service client signage
      * Common scenarios are:
        * In UAT, install the test self-signed CA (in Trusted Root key store).
        * Install a remote server's public key, maybe for signing parts of the message (in Trusted People).
          * If self-signed (eg: UAT), put it also in the Trusted Root key store.
        * Install a cert to authenticate oneself with a well-known CA (in Personal Store).
          * Install its CA in Trusted Root.
      * Creation requirements
      * Installation process
        * Ensure the IIS AP Identity can use it:
          * Start/Run/MMC/Add/Certificates, LocalMachine, OK.
          * Select Store, right-click, All Tasks, Import, change type to see `*.pfx`, import, enter password.
          * Find cert, right-click, select All Tasks, select Manage Private Key, and add the identity to it, giving it Full Control and Read.
          * Verify Chain of Authority.
  * Service Account Role Membership
  * IIS Application Pool Identity Role Membership
  * IIS Application Pool configuration
    * Name, Framework, Managed Pipeline, Start mode, Ping
    * Identity used.
* List constraints. Examples could be something like:
  * Sharepoint cannot be installed on an AD DC.
  * K2 Installation must be on different server than
* Preparation of WebServer
  * INETMgr.msc
    * Create AppPool
      * Set Identity
    * Create WebSite
      * Name, AP, Physical Path, IP address.
      * Set Mapping.
    * Initial install, test with index.html page.
* Preparation of Database Server
  * Login to Db
  * Create a Db
    * any specific settings (Collation, etc)
  * Create a DBMS User (mapped to IIS AD Identity)
    * AD User will vary depending on ST, UAT, PROD.
  * Create a DB Login
  * Create Database
  * Alt: Update database procedure
* Installation of WebSites
  * eg: Run WebInstaller MSI
    * Select WebSite
    * Select Virtual Directory (EES.vX.X)
    * Select AP
  * Unpack
* List configuration settings
  * for the different environments:
    * Dev (Optional)
    * ST
    * UAT
    * PROD
  * Use a table: [FilePath, XPath, Default Value, Options]
    * Example: `/web.config`, `configuration/appSettings[@configSource]`, `configuration\{{ENV}}\appSettings.config`, `{{ENV}}=ST|UAT|PROD`
  * move things around
  * Remap
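
The certificate installation steps in the checklist (import the `.pfx` into the LocalMachine store, give the IIS AppPool identity access to the private key, verify the chain) can also be handed to the client's IT as a script. This is an added example, not part of the original page: the PFX path and account name are placeholders, and it assumes an elevated Windows PowerShell session and an RSA key stored by a legacy CSP (CNG keys are stored elsewhere).

```powershell
# Added example. Path and account below are placeholders, not values from the page.
param(
    [string]$PfxPath  = 'C:\deploy\service-client.pfx',   # hypothetical PFX location
    [string]$Identity = 'CONTOSO\svc-webapp',             # hypothetical IIS AppPool identity
    # Read is enough for the worker process to use the key. The GUI step in the
    # checklist also ticks Full Control; pass 'FullControl' to reproduce that.
    [string]$Rights   = 'Read'
)
$ErrorActionPreference = 'Stop'
$x509 = 'System.Security.Cryptography.X509Certificates'

# 1. Import into LocalMachine\My (the "Personal" store), persisting the key machine-wide.
$password = Read-Host 'PFX password' -AsSecureString
$flags    = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet, PersistKeySet'
$cert     = New-Object "$x509.X509Certificate2" -ArgumentList $PfxPath, $password, $flags
if (-not $cert.HasPrivateKey) { throw "No private key found in $PfxPath" }

$store = New-Object "$x509.X509Store" -ArgumentList 'My', 'LocalMachine'
$store.Open('ReadWrite')
try     { $store.Add($cert) }
finally { $store.Close() }

# 2. Equivalent of "Manage Private Keys": add an ACL entry on the key container file.
#    Assumes a CSP key; $cert.PrivateKey is not usable this way for CNG keys.
$keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$keyName"
$acl     = Get-Acl -Path $keyFile
$rule    = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $Identity, $Rights, 'Allow'
$acl.AddAccessRule($rule)
Set-Acl -Path $keyFile -AclObject $acl

# 3. Verify the chain of authority against the machine's trust stores.
$chain = New-Object "$x509.X509Chain"
if (-not $chain.Build($cert)) {
    foreach ($status in $chain.ChainStatus) {
        Write-Warning "$($status.Status): $($status.StatusInformation.Trim())"
    }
    throw "Chain validation failed for $($cert.Subject)"
}

# Report what was done so it can be pasted into the sign-off record.
"Installed $($cert.Thumbprint) ($($cert.Subject)), expires $($cert.NotAfter)"
"Granted $Rights on the private key to $Identity"
"Chain: " + (($chain.ChainElements | ForEach-Object { $_.Certificate.Subject }) -join ' -> ')
```

In UAT the chain check only passes once the test self-signed CA has been placed in Trusted Root, as the checklist's common scenarios describe.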