In the last post, we covered the Requirements for installing Service Provider Foundation (SPF). Now we will walk through the installation of Service Provider Foundation.
You can install Service Provider Foundation on a single server or on multiple servers, with at least one server that has Microsoft SQL Server installed to contain the Service Provider Foundation database.
A side-by-side installation of different Service Provider Foundation versions that are on the same server is not supported.
The Setup wizard configures Service Provider Foundation along with the web services that you select for that computer. Installation of Service Provider Foundation onto a virtual machine is supported.
Before you install Service Provider Foundation, do the following:
- Make sure that each computer has sufficient RAM and hard disk space for all the web services that you intend to install. Also, be sure to have the prerequisite software installed.
- Make sure that you have a domain user account with administrative privileges on the computers on which you want to install Service Provider Foundation.
- Close any open programs, and make sure that the computer does not have a restart pending.
If there is a problem with the installation completing successfully, refer to the log files, named “Microsoft Service Provider*.log”, in the %SYSTEMDRIVE%%TEMP% folder.
You can also run a silent, unattended, installation.
To install Service Provider Foundation
On the server where you want to install Service Provider Foundation, double-click SetupOrchestrator.exe on the installation media to start the System Center 2012 – Orchestrator 2012 R2 Setup Wizard.
Note: We recommend that you run setup as Administrator. Doing so allows Customer Experience and Microsoft Update choices to be retained later in the setup.
On the main Setup page, click Service Provider Foundation.
On the Service Provider Foundation Setup page, click Install.
On the License Terms page, review the license agreement. If you agree with the terms, select the I have read, understood, and agree with the terms of the license agreement check box, and then click Next.
On the Prerequisites page, wait for the wizard to complete the prerequisite verification, and then review the results. If any of the prerequisites are missing, install the missing prerequisites, and then click Check prerequisites again.
When all of the prerequisites are met, click Next.
On the Configure the database server page, in the server text box, enter the name of the server that hosts SQL Server, or accept the default localhost. In Port Number, type the port number that accesses the database, or accept the default of 1433, and then click Next.
On the Specify a location for the SPF files page, accept or change the location for the web service files by using the Change Folder button. Optionally, change Website name. In the Port Number section, enter the Internet Information Services (IIS) port number that you want to use, or accept the default of 8090.
The Server certificate refers to a certificate to configure the site bindings for the Service Provider Foundation website in Internet Services Information (IIS) Manager. You can either generate a self-signed certificate or use an existing certificate.
Important: We recommend that generated self-signed certificates be used only for a testing purposes in a non-production environment.
On the Configure the Admin web service page, in the Domain security groups or users text box, type the domain and user name of each security group or user who will use this web service. Use the format domainuser name, and use a semicolon to separate multiple entries, for example, SC.LABJohnDoe; SC.LABTestGroup.
For application pool credentials, select the type of account that you want to use:
- Select Service Account, and then type the domain name, user name, and password of the account that you want the application pool to use.
Make sure that the application pool account exists in the domain and that it has sufficient permissions to manage the server.
- To use an internal system account, select Network Service.
We recommend that you do not use Network Service but instead use a Service Account using domain credentials.
If you select Network Service, the account must be a System Center 2012 R2 Virtual Machine Manager administrator, or it must have enough permission to perform the Service Provider Foundation requests.
In the same manner, specify the settings for Configure the Provider web service, and then click Next.
In the same manner, specify the settings for Configure the VMM web service, and then click Next.
In the same manner, specify the settings for Configure the Usage web service, and then click Next.
Choose the desired options on the Help improve Microsoft System Center Service Provider Foundation and Microsoft Update page, and then click Next.
Choices made on this page are not retained unless setup was run as Administrator.
On the Installation summary page, review your selections, and then do one of the following:
- Click Previous to change any selections.
- Click Install to install Service Provider Foundation.
After you click Install, the installation progress indicator appears.
Click Close when the message “Setup is complete” appears.
Repeat this procedure for each installation, such as for a web farm.
NOTE: When I opened Internet Information Manager (IIS), and attempted to browse the SPF website, I encountered the following error.
Notice that the error message says: “A default document is not configured for the requested URL, and directory browsing is not enabled on the server.”
And the solution? Enable directory browsing using IIS Manager by doing the following.
Open IIS Manager. In the Features view, double-click Directory Browsing.
On the Directory Browsing page, in the Actions pane, click Enable.
After enabling Directory Browsing, I was then able to browse the SPF site successfully.
The Service Account(s) that we configured for the Application Pools need to be added into the Security Group(s) we used for each Service.
In my lab example, the Application Pool account used is: SCSPF_AppPool, and the Security Groups are: SCSPF_Admins, SCSPF_Providers, SCSPF_VMM, and SCSPF_Usage.
Also, the Service Account(s) we used, needs to be added as an Administrator within SCVMM. In the SCVMM console, navigate to Settings > Security > User Roles > Administrator, and add the Service Account(s).
You will also need to grant the Service Account permissions in SQL Server that is running the Service Provider Foundation database. Open the SQL Server Management Studio, and connect to the SQL Server running the SPF database. Navigate to Security > Logins, and add the Service Account.
Open the account properties, navigate to User Mapping, and select the “SysAdmin” server role. Then click OK.
So that’s the installation of Service Provide Foundation (SPF). Now what? Well, SPF can be used with Portal systems like System Center App Controller, and Windows Azure Pack, to deliver Infrastructure As A Service (IaaS). In a related series, I will write about deploying the Windows Azure Pack.