IT:AD:Documentation:Implementation

(UP)

Summary

Developing software and chucking it over the fence is not enough. Have to write a document that will allow IT of client to install your software on hardware they will not allow you to access.

Checklist

Document Flow:
- Traditional stuff
- Staget Sign Off:
  - Hardware configuration
  - AD Identities
  - Certificate creation and installation
  - WebServer configuration
  - Db Server configuration
  - WebSite installation
  - Database installation
List Prerequisites:
- Operating System
  - eg: Windows Server 2008
- Network
  - IP addresses of NIC cards
  - Inbound/outbound tcp Ports opened, for Domain, on xxx.
- Identities
  - Services:
    - IIS AppPool identity
      
      Use LUsrMgr.msc to mark as service.
      
      AD Group membership.
    - other.
- Server Roles
  - eg: IIS Version: 7.5
  - eg: IIS 7 Management (sp?)
  - eg: IIS 6 Management Compatibilty
  - eg: WebDeploy
  - eg: SqlServer version: 2008 R2
- Certificates
  - eg: SSL
    - Creation requirements
    - Installation process
  - eg: Service client signage
    - Common scenarios are:
      
      In UAT install the test self-signed CA (in Trusted Root Key Store).
      
      Install a remote server's public key, maybe for signing parts of the mssage (in Trusted Poeple)
      
      If self signed (eg: UAT) put it also in Trusted Root key store)
      
      Install a cert to authenticated one self with a well known CA (in Personal Store)
      
      Install its CA in Trusted Root.
    - Creation requirements
    - Installation process
      
      Ensure IIS AP Identity can use it
      
      Start/Run/MMC/Add/Certificates, LocalMachine, OK.
      
      Select Store, rightclick, all tasks, import, change type to see *.pfx, import, enter password.
      
      Find cert, Right-click, select All Tasks, Select Manage Private Key, and add idendity to it, giving it FUll COntrol and Read.
      
      Verify Chain of Authority.
- Service Account Role Membership
  - IIS Application Pool Identity Role Membership
- IIS Application Pool configuration
  - Name, Framework, Managed Pipeline, Start mode, Ping
  - Identity used.
List constraints. Examples could be something like:
- Sharepoint cannot be installed on an AD DC.
- K2 Installation must be on different server than
Preparation of WebServer
- INETMgr.msc
- Create AppPool
  - Set Identity
- Create WebSite
  - Name, AP, Physical Path, IP address.
  - Set Mapping.
  - Initial install, test with index.html page.
Preparation of Database Server
- Login to Db
  - Create a Db
    - any specific settings (Collation, etc)
  - Create a DBMS User (mapped to IIS AD Identity)
    - AD User will vary depending on ST, UAT, PROD.
  - Create a DB Login
  - Create Database
    - Alt: Update database procedure
Installation of WebSites
- eg: Run WebInstaller MSI
  - Select WebSite
  - Select Virtual Directory (EES.vX.X)
  - Select AP
  - Unpack
- List configuration settings
  - for the different environments:
    - Dev (Optional)
    - ST
    - UAT
    - PROD
  - Use a table: [FilePath, XPath, Default Value, Options]
    - Example: /web.config, configuration/appSettings[@configSource], configuration\{{ENV}}\appSettings.config, env=ST|UAT|PROD
  - move things around
  - Remap