IT:AD:Documentation:Implementation

Summary

Developing software and chucking it over the fence is not enough. You have to write a document that allows the client's IT team to install your software on hardware they will not allow you to access.

  • Document Flow:
    • Traditional stuff
    • Staged Sign Off:
      • Hardware configuration
      • AD Identities
      • Certificate creation and installation
      • WebServer configuration
      • Db Server configuration
      • WebSite installation
      • Database installation
  • List Prerequisites:
    • Operating System
      • eg: Windows Server 2008
    • Network
      • IP addresses of NIC cards
      • Inbound/outbound TCP ports opened, for Domain, on xxx.
    • Identities
      • Services:
        • IIS AppPool identity
          • Use LUsrMgr.msc to mark as service.
          • AD Group membership.
        • other.
    • Server Roles
      • eg: IIS Version: 7.5
      • eg: IIS 7 Management (sp?)
      • eg: IIS 6 Management Compatibility
      • eg: WebDeploy
      • eg: SqlServer version: 2008 R2
    • Certificates
      • eg: SSL
        • Creation requirements
        • Installation process
      • eg: Service client signing
        • Common scenarios are:
          • In UAT, install the test self-signed CA (in the Trusted Root key store).
          • Install a remote server's public key, maybe for signing parts of the message (in Trusted People).
            • If self-signed (eg: UAT), put it also in the Trusted Root key store.
          • Install a cert to authenticate oneself with a well-known CA (in the Personal store).
            • Install its CA in Trusted Root.
        • Creation requirements
        • Installation process
          • Ensure IIS AP Identity can use it
            • Start/Run/MMC/Add/Certificates, LocalMachine, OK.
            • Select Store, right-click, All Tasks, Import, change type to see *.pfx, import, enter password.
            • Find cert, right-click, select All Tasks, select Manage Private Keys, and add the identity to it, giving it Full Control and Read.
            • Verify Chain of Authority.
    • Service Account Role Membership
      • IIS Application Pool Identity Role Membership
    • IIS Application Pool configuration
      • Name, Framework, Managed Pipeline, Start mode, Ping
      • Identity used.
  • List constraints. Examples could be something like:
    • SharePoint cannot be installed on an AD DC.
    • K2 Installation must be on different server than
  • Preparation of WebServer
    • INETMgr.msc
    • Create AppPool
      • Set Identity
    • Create WebSite
      • Name, AP, Physical Path, IP address.
      • Set Mapping.
      • Initial install, test with index.html page.
  • Preparation of Database Server
    • Login to Db
      • Create a Db
        • any specific settings (Collation, etc)
      • Create a DBMS User (mapped to IIS AD Identity)
        • AD User will vary depending on ST, UAT, PROD.
      • Create a DB Login
      • Create Database
        • Alt: Update database procedure
  • Installation of WebSites
    • eg: Run WebInstaller MSI
      • Select WebSite
      • Select Virtual Directory (EES.vX.X)
      • Select AP
      • Unpack
    • List configuration settings
      • for the different environments:
        • Dev (Optional)
        • ST
        • UAT
        • PROD
      • Use a table: [FilePath, XPath, Default Value, Options]
        • Example: /web.config, configuration/appSettings[@configSource], configuration\{{ENV}}\appSettings.config, env=ST|UAT|PROD
      • move things around
      • Remap
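
The settings table above can be applied mechanically. The following is an added example, not part of the original page: it takes the page's example row, rejects any environment not listed in the Options column, and sets the attribute in a constructed sample web.config. The function names and the reading of a trailing `[@attr]` as "the attribute to set" are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# The page's example row: FilePath, XPath, Default Value, Options.
ROW = ("/web.config",
       "configuration/appSettings[@configSource]",
       r"configuration\{{ENV}}\appSettings.config",
       "env=ST|UAT|PROD")

# Constructed sample file content, not taken from a real deployment.
SAMPLE_WEB_CONFIG = r"""<configuration>
  <appSettings configSource="configuration\DEV\appSettings.config" />
</configuration>"""


def allowed_values(options):
    """'env=ST|UAT|PROD' -> {'ST', 'UAT', 'PROD'}"""
    _name, _, values = options.partition("=")
    return {v.strip() for v in values.split("|") if v.strip()}


def render_value(template, options, env):
    """Fill {{ENV}} only with a value listed in the Options column."""
    allowed = allowed_values(options)
    if env not in allowed:
        raise ValueError(f"environment {env!r} not in {sorted(allowed)}")
    return template.replace("{{ENV}}", env)


def apply_row(xml_text, row, env):
    """Return xml_text with the row's setting applied for one environment."""
    _file_path, xpath, template, options = row
    # Assumption: a trailing [@attr] names the attribute that receives the value.
    match = re.fullmatch(r"(.+)\[@(\w+)\]", xpath)
    if not match:
        raise ValueError(f"unsupported XPath form: {xpath}")
    element_path, attr = match.groups()
    root = ET.fromstring(xml_text)
    # The path starts at the document element, which ElementTree treats as root.
    root_name, _, rest = element_path.partition("/")
    if root.tag != root_name:
        raise ValueError(f"root element is <{root.tag}>, expected <{root_name}>")
    targets = root.findall(rest) if rest else [root]
    if len(targets) != 1:
        raise ValueError(f"{xpath} matched {len(targets)} elements, expected 1")
    targets[0].set(attr, render_value(template, options, env))
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(apply_row(SAMPLE_WEB_CONFIG, ROW, "UAT"))
```

Because the environment name ends up inside a file path, checking it against the Options column keeps a mistyped or hostile value from pointing `configSource` at an unintended file.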


  • Last modified: 2023/11/04 03:23