B: General administration tasks

AppFabric Cache

Installing AppFabric

NOTE: There are specific configurations required in AppFabric for Content Manager and SharePoint integration. If AppFabric is already installed, go to Configuring AppFabric.

The Microsoft AppFabric framework must be installed on Content Manager Workgroup Servers, where the integration is installed (Content Manager Farm). This is used to provide configuration caching across multiple servers.

  1. Download AppFabric 1.1 directly from Microsoft:

    http://www.microsoft.com/en-au/download/details.aspx?id=27115

    NOTE: Download and install the x64 version of AppFabric 1.1.

  2. Run the installer as Administrator. You can accept all the install wizard defaults, until you reach the Features page.

  3. Select all of the options.

    Complete the rest of the wizard with default settings to install AppFabric.

Configuring AppFabric

The configuration wizard usually starts automatically after installation.

  1. If already started, go to next step. If it fails to start, launch it manually from the Start menu, right-click Configure App Fabric and click Run as administrator.

  2. On the initial page, accept the wizard defaults and click Next.

  3. On the Hosting Services page, accept the defaults and click Next.

  4. On the Caching Services page, select the Set Caching Service configuration checkbox and click the Change.

  5. On the select user dialog, choose the Custom account option. Nominate a domain account for the AppFabric Caching Service, enter the relevant password and click OK.

  6. Select a caching service configuration provider. Click on the (Select a provider) drop down, select SQL Server AppFabric Caching Service Configuration Store Provider, and click Configure.

  7. On the AppFabric Server Caching Service Configuration Store dialog, select checkboxes for both:

    • Register AppFabric Caching Service configuration database
    • Create AppFabric Caching Service configuration database

    Fill in your SQL Server name and provide a name for the caching configuration store database. The example given is ‘CMCacheConfiguration’, but you can use any name you deem appropriate. This will create a new database in SQL Server. Click OK.

  8. Click Yes in the following prompt.

  9. Click OK in the confirmation dialog.

  10. Select the option New cluster and the cluster size (The cluster size depends on the number of Content Manager Workgroup Servers in your farm). Choose the appropriate option to match the number of servers. Click Next.

  11. On the Configure AppFabric Cache Node page, if you have Windows Firewall enabled, select both checkboxes:

    • AppFabric Server AppFabric Caching Service
    • Remote Service Management

    For other firewalls, you need to configure them manually to allow these ports, to enable communication between the SharePoint farm and Content Manager Servers. You will see a warning message, if the Windows Firewall is not enabled, click Next.

  12. Click Yes in the configuration settings prompt.

  13. A progress bar is displayed while the configuration settings are applied. Once this has completed, on the Application page, click Finish.

Joining a server to an existing cache cluster

  1. Follow steps 1-6 from the Configuring AppFabric section.

  2. On the AppFabric Server Caching Service Configuration Store dialog:

    1. Select the checkbox for Register AppFabric Caching Service configuration database.

    2. Leave the Create AppFabric Caching Service configuration database option unselected. Fill in your SQL Server name and select the database you created during initial configuration.

    3. Click OK.

  3. Click Yes in the following prompt.

  4. Click OK in the confirmation dialog.

  5. Select Join cluster option and Click Next.

  6. On the Cache Node page, click Next.

  7. Click Yes on the configuration settings prompt.

  8. A progress bar is displayed while the configuration settings are applied. Once this has completed, on the Application page, click Finish.

If AppFabric is already installed, an entry is made in the Programs and Features.

For troubleshooting issues with AppFabric, see the Troubleshooting AppFabric appendix.

Azure cache

The Azure cache capability is very much in flux at the moment, this section is up-to-date as of the publication date, but bear in mind that the cache creation process may change in the future.

NOTE: The managed cache PowerShell commands were added late May 2014, so if you already have Azure PowerShell installed and configured, make sure you update to the latest version.

There are two types of Azure caches that can be used:

  • Managed
  • Redis

The Redis cache is Microsof’s preferred cache to be used although both are still supported.

Managed cache

Creating a managed cache

Creating an Azure Managed Cache requires the use of Azure PowerShell. This is installed and configured on a local machine, and can be used to remotely administer/configure Azure.

  1. To install Windows Azure PowerShell, go to http://azure.microsoft.com/en-us/downloads/ and under the Windows PowerShell section, click on Install.

  2. Once installed, run Windows Azure PowerShell and connect to your subscription. This is beyond the scope of this document, but this article describes the process of installation and configuration:

    http://azure.microsoft.com/en-us/documentation/articles/install-configure-powershell/

To create an Azure cache for use by the integration, follow these steps:

  1. Start Windows Azure PowerShell and connect to the appropriate subscription.

  2. Run the following commands

    NOTE: Change the location to match your Azure VMs region.

    New-AzureManagedCache -Name cmcache -Location "East Asia" -Sku Basic -Memory 128MB
    Get-AzureManagedCache

  3. This creates a cachenamed ‘cmcache’, in the region that you define, and once created returns the details of caches in the current subscription.
  4. Once created, the cache can be managed from the Azure Management Portal.

Obtaining access keys

  1. Select the cache you just created and click on the MANAGE KEYS option in the bottom toolbar.

  2. On the Manage Access Keys dialog, Click Copy to Clipboard next to the PRIMARY ACCESS KEY.

  3. On the clipboard prompt, click Allow access

Redis cache

Creating a Redis cache

To create an Azure Redis cache, navigate to the Azure portal.  At the time of writing, you must use the preview version of the portal to perform this task (https://portal.azure.com)

  1. Log in to Azure portal and select Create a resource.

  2. On the new page, select Databases and then select Azure Cache for Redis.

  3. Complete the requested details to create the cache.

Obtaining endpoint and access keys

Log in to Azure portal and navigate to All Resources > Redis cache > Overview page.

  • Endpoint: The Host name is the Azure cache endpoint. Select and copy the value.

  • Primary access key: Click the Show access keys link to reveal the keys in use.

  • Configured to use SSL: To determine if Redis cache is configured to use SSL, under the Ports section the value of Allow access only via SSL will indicate if the cache is configured to only us SSL.

HTTPS

Enabling HTTPS for a site

To enable HTTPS for the Content Manager SharePoint Server website, you will first need to have obtained an SSL certificate, or use an existing SSL certificate for your internal domain. There are a number of options to obtain a certificate, the process of obtaining the certificate is beyond the scope of this document, and there are lots of publicly available articles from Microsoft detailing the process:

Certificate Type

Notes

Suitable For

Commercial SSL Certificate

Obtained from a commercial SSL vendor such as GoDaddy, Thawte, Verisign, Digicert etc. These have an annual cost associated, but ARE required to secure communication with SharePoint Online environments

On premise, and SharePoint Online

Domain Certificate

Issued from an internal Active Directory Certification Authority, these can be used (at no cost) to secure internal sites on premise

On premise only

Self-signed Certificate

Created within IIS, can be used in some scenarios (SharePoint High-Trust) for testing/development

Not suitable

The following steps assume you have a valid SSL certificate added to IIS Server Certificates, available for use.

  1. Open IIS Manager, and navigate to the Content Manager SharePoint Server website.

  2. Right click on the site name in the Connections pane, and choose Edit Bindings.

  3. On the Site Bindings dialog, click Add.

  4. On the Add Site Binding dialog, change the Type to https and then select your certificate in the SSL certificate drop-down. Click OK.

    The https entry has been added. Close the Site Bindings dialog.

  5. To test, open a browser and navigate to https://<yourURL>/pages/dialogloader.html where yourURL is your load balanced URL, or the name of the Content Manager server, or configured host header. You should see the ‘Working on it’ page, without any certificate errors.

    The integration website is now configured to use HTTPS.

Disabling HTTP for a site

To remove the HTTP binding follow these steps:

NOTE: This can sometimes cause problems with an SSL secured integration website.

  1. Open IIS Manager, and navigate to the Content Manager SharePoint Server website.

  2. Right click on the site name in the Connections pane, and choose Edit Bindings.

  3. On the Site Bindings dialog, select the http entry you want to remove and click Remove.

  4. Click Yes on the confirmation prompt.

  5. Confirm the http entry has been removed and click Close on the Site Bindings dialog.

Certificate

Creating a self-signed certificate

This section details the steps to create a self-signed certificate.  It is assumed that you have already identified the folder that the certificate should be exported to, that the location has been created and the relevant permissions assigned to it.

  1. Open IIS Manager.

  2. In IIS Manager, select the server node in the tree view on the left.

  3. In the pane on the right (with “Features View” selected at the bottom) double click the “Server Certificates” icon.

    Description: Server Certificates option in IIS

  4. Select the Create Self-Signed Certificate link from the set of links on the right side.

  5. Give the certificate a suitable name and choose “Personal” as the certificate store.

    You should now see the certificate in the list of server certificates

  6. Right-click the certificate in the list, and then select Export.

  7. Enter the full path to the file (choosing “.pfx” as the extension) as well as a password for the certificate.  Click OK.

The following steps allow the creation of a corresponding “.cer” file for the certificate:

  1. In IIS Manager, select the server node in the tree view on the left.

  2. In the pane on the right (with “Features View” selected at the bottom) double click the “Server Certificates” icon.

  3. Locate the required certificate in the list, double-click it to show the certificate details, and go to the details tab.

  4. Choose “Copy to File” to launch the Certificate Export Wizard.

  5. Once the Certificate Export Wizard opens, click Next.

  6. Select “No, do not export the private key” and click Next.

  7. Select to export as “DER encode binary X.509”, and click Next.

  8. Specify the full file path to export the “.cer” file too, and click Next.

  9. Click Finish on the final page of the wizard.

Using the Certificate MMC snap in

To use the MMC (Microsoft Management Console), follow the steps:

  1. Open the Run window (Hit Start, type ‘run’, and launch).

  2. In the Run dialog, type in ‘mmc’ and click OK.

  3. When the console opens, go to the File menu and select Add/Remove Snap-ins.

  4. Select Certificates and click Add.

  5. On the Certificates snap-in dialog, select Computer account and click Next.

  6. Select Local computer: (the computer this console is running on), and click Finish.

  7. Click OK on the Add or Remove Snap-ins dialog.

Adding a certificate in the Trusted Root Certification Authorities store for a machine

  1. Open the machine MMC with the certificate snap in. 

  2. Expand the Certificates node in the left-hand pane.

  3. Expand the Trusted Root Certification Authorities node. Right-click on the Certificates sub-node, and select All Tasks ->Import.

    Description: C:\Users\theobald\AppData\Local\Temp\SNAGHTML520ee5e.PNG

  4. Choose the “.cer” file to be imported.
  5. Ensure Place all certificates in the following store is selected and the certificate store is Trusted Root Certification Authorities.
  6. Click Next.

More details can be found in this article: http://technet.microsoft.com/en-us/library/cc754841.aspx.

Port

Opening a port

To open a port in the Windows Server 2012 Firewall, follow the steps:

  1. Go to the Windows Start menu, and type ‘firewall’.

  2. Launch the Windows Firewall application.

  3. In the left-hand navigation pane, click Inbound Rules. In the Actions pane, click on New Rule.

    Description: C:\Users\theobald\AppData\Local\Temp\SNAGHTMLa62751.PNG

  4. In the New Inbound Rule Wizard, choose Port and click Next.

  5. Make sure TCP is selected, and enter the specific port for the integration website. In this example, port 22777 is being opened. Click Next.

  6. Accept the default option Allow the connection and click Next.

  7. Choose which profile to apply the rule to (You may just want to apply to the Domain profile). Click Next.

  8. Give the rule a name e.g. ‘Content Manager SharePoint Server website’ and description. Click Finish.

Determining ports in use by IIS

To determine which ports are already in use by existing IIS websites:

  1. Open IIS Manager, and in the left-hand Connections pane, select the Sites node.

  2. The list of websites, and their associated port bindings will be displayed in the main window.

Alternatively, to display a list of all ports in use (Not just IIS websites), follow these steps:

  1. Open a cmd prompt and type netstat –a

  2. A list of active ports will be displayed.

Prepare record types

It is necessary to identify and configure the record types that will be used in Content Manager for managing SharePoint content. 

Create SharePoint site and list record types

When managing content, a record is created to represent the site that the content resides on. Make sure to create "SharePoint site" and "SharePoint list" record types. Suitable record types must have a behavior in Content Manager. See, Determining the behavior of a record type.

For more information, refer Content Manager documentation to create suitable SharePoint site and SharePoint list record types.

Mark record types as suitable

For a record type to be suitable for use when managing SharePoint content, it must be marked as being suitable.  For each record type that is intended to be used to manage SharePoint content, it must be marked as being suitable. To mark the record type as suitable, follow the steps:

  1. Double-click on the record type and click Electronic tab.

  2. Ensure that this record type supports documents.

  3. Check the Records can be SharePoint List Item Records check box.

For details on how to access the list of record types, see the appendix Accessing the list of record types.

Ensure suitable numbering patterns

It is important that the numbering pattern you use for your record types will not clash with existing numbering.  Therefore, ensure that all record types that will be used for management of SharePoint content have unique numbering patterns and the next number to use is a number that is available.

This applies for record types that will be used to represent:

  • List items
  • Containers
  • SharePoint lists
  • SharePoint sites

For information regarding numbering patterns, see the Content Manager product documentation.

Accessing the list of record types

To access the list of Record Types:

  1. Open Content Manager, opening the relevant dataset.

  2. From the Records section of the Tools ribbon, click on Record Types.

  3. A list of Record Types in the current dataset will be displayed.

Determining the behavior of a record type

To confirm the behavior for a given Record Type:

  1. Open Content Manager, opening the relevant dataset.

  2. From the Records section of the Tools ribbon, click on Record Types.

  3. Double-click an existing record type in the list to open up the properties page, or right-click in white space and choose New Record Type to create a new one.

  4. On the General tab you can see the existing Behavior in the drop-down. Change this to the desired behavior and click OK to save.

Setting the permissions granted to a user type

It is possible to modify the permissions that are granted by default to a user type in Content Manager.  From the Administration tab, select the System button.

Select the User Types tab.  Select the User Type to be modified then add or remove the permissions to build the required default permission set for that type of user. Click OK to save these settings.