Posted tagged ‘Pre-install’

App Portal Pre-installation Requirements

August 22, 2013

We are almost ready to perform our installation of the App Portal.  Before we do, we need to ensure that we have a few things ready, configured, and installed before we start.

Points of Consideration

  • Active Directory
  • User-Computer Relationship
  • App Portal Web Service Locations
  • Service Account
  • DNS Alias
  • Database

Active Directory: The App Portal obtains data from Active Directory as well as your deployment system (SCCM in our case).  User data is refreshed when AD User Discovery is run.  Be sure that this is set to run at regular intervals.

In SCCM 2012, you can check this by going to Administration > Overview > Hierarchy Configuration > Discovery Methods > Active Directory User Discovery.  Double click and then select the Polling Schedule tab.

User-Computer Relationship: The App Portal supports several methods for user to computer relationship mapping, including custom options.  The built-in options (for SCCM 2012) include: Use SCCM last logon user; Use SCCM Primary Console Usage; Use AD Computer Managed By; Use User Affinity

I’ve selected Use User Affinity for my implementation.

Want to change the user to computer relationship?  No problem.  Connect to the Admin space on the App Portal website and navigate to Site Management > Settings > Deployment > SCCM 2012.  Change the User / Computer relationship setting.

App Portal Web Service Locations: Depending on the deployment technology, SCCM 2007, SCCM 2012, or Altiris, there are different requirements as to where the App Portal Web Service needs to be installed.  For our SCCM 2012 implementation, we only need to install this web service on the CAS (or single primary).

Service Account: The App Portal requires a service account for installation.  This account requires access to SCCM and to the SCCM database.

We will be using sccmService for our service account.

DNS Alias: It is recommended that you have a DNS alias for App Portal.  I’ve setup appportal for my alias (creative, right?).

Database: App Portal only supports Windows Authentication for SQL.  Further the installing/service account requires DBO permissions.

App Portal Installation Files

  • AppPortalSetup_2013.exe: This is the installer for the App Portal Website, Service, and Database.
  • AppPortalWebServiceSetup.exe: This is the installer for the App Portal Web Service.
  • ActiveX Control for Internet Explorer.msi: Use this MSI to create a Package/Program in your deployment system to deploy to your App Portal client systems.  This MSI is used to identify the system connecting to the App Portal Web Site.  Don’t worry if you don’t use Microsoft Internet Explorer, App Portal supports most of the common internet browsers.  The ActiveX control wouldn’t be needed in those instances.

System Requirements

There are a number of requirements that needs to be in place in order for the App Portal to function properly.  Using the AppPortal2013InstallGuide.pdf as my reference, I’ve divided these into the following four areas:

  • Environment Requirements
  • Client Requirements
  • Server Requirements
  • Information Checklist

Environment Requirements

  • Active Directory Requirements: The App Portal requires a minimum of 2003 functional level for Active Directory.
  • DNS Requirements: IF you are going to leverage reverse DNS as a computer discovery method in the App Portal, your DNS environment will require a reverse DNS zone.
  • Deployment Technology: App Portal 2013 supports SCCM 2007, SCCM 2012, and Altiris.
  • Additional Altiris Requirements: Please reference the AppPortal2013InstallGuide.pdf for these requirements.
  • Inventory Requirements: App Portal relies on hardware inventory to function properly.  For SCCM, be sure hardware inventory is enabled.
  • Distribution Requirements: Software distribution must be enabled in SCCM for App Portal to function properly if you want to use it to distribute software in SCCM.  If you want to deliver Operating Systems then you’ll need to have OSD setup as well.
  • Discovery Requirements: Active Directory User Discovery must be enabled.  Additionally, there are several extensions that App Portal relies on.  These include: Mail; Department; Title; distinguishedName; manager; company; l (lower case L – location); postalCode; sn; givenName; physicalDeliveryOfficeName; DisplayName (SCCM 2012 only).
    • Go back into Active Directory User Discovery Properties in the Configuration Manager Console and click on the Active Directory Attributes tab to add the extensions displayed above.  After you make these changes be sure to initiate a discovery in order to collect this data.
  • Database Requirements: App Portal works on Microsoft SQL Server 2012, 2008, or 2005.
  • Mail System Requirements: App Portal needs an SMTP-compatible mail system in order to send notifications.
  • Internet Information Server (IIS) Requirements: The App Portal requires Microsoft IIS 7.0 or greater.
  • Authentication Requirements: App Portal requires Windows Authentication in to validate user credentials in AD.
  • Network Connectivity Requirements: The App Portal Website should be on the same physical network as the SCCM database (or Altiris database) and have a high speed connection (<= 100MB).
  • .NET Framework: App Portal uses .NET Framework 4.0 (or higher) App Portal Website and App Portal Web Service.  All other site servers require .NET Framework 2.0 SP1 or higher.

Still hanging in there?

Client Requirements

This is a MUCH shorter list:

  • Operating System Requirements: For Windows systems, App Portal supports Windows XP and higher.  App Portal can support any system which is an SCCM client.  We will show that with the Application Model at a later time…
  • Browser Requirements: For the ActiveX control to function, App Portal requires Internet Explorer 8.0 or higher.  App Portal also supports FireFox, Chrome, and Safari.  If you use these browsers you will need to use a different discovery method (or Alternate discovery method).
  • Trusted Sites: The App Portal website (DNS alias) should be added to Trusted Sites in Internet Explorer.

Server Requirements

App Portal Server Requirements are broken down in the following sections:

  • App Portal Web Service
  • App Portal Installation Platform
  • App Portal Service Account

App Portal Web Service

This requirement is for SCCM only, skip this for Altiris.

For SCCM 2007, the App Portal Web Service needs to be installed on the CEN as well as each primary site server.  For SCCM 2012, the App Portal Web Service will need to be installed on the CAS (or single primary) server.

App Portal Installation Platform

The server that will be hosting the App Portal Web Site and the App Portal Service must have IIS 7.0 or greater and must be Windows Server 2008 or greater (Windows Server 2008 R2 or greater is preferred).

App Portal Service Account

The App Portal service account will be used to interact with SQL and AD.  The APP Portal service account will require administrative permissions on client workstations if you with for the App Portal to successfully initiate machine policy evaluation to accelerate software deployments.

The  App Portal service account must have Read permission on the deployment system’s database and Read/Write permission on the App Portal database after installation (The install requires DBO).

Information Checklist

Almost ready to begin our pre-installation work, just need to ensure we have the following information available.

  • Deployment Server Name: This is going to be the CAS, CEN, or single Primary Site Server in SCCM.
  • All Primary Site Servers (SCCM 2007 only)
  • SQL Server Name
  • SQL Instance Name (if any)
  • SQL Installation Type
  • Service Account
  • Verify AD User Discovery Enabled
  • Verify AD Group Discovery Enabled
  • Verify AD System Discovery Enabled
  • SMTP Server Name

Preparing the App Portal Server

This is our last step before we begin our installations.  This work will be performed on the server that will host the App Portal Website, Service, and Database.  If you recall, that would be FLEXAP1 in my configuration (Windows Server 2012).

On the App Portal Server we will be performing the following tasks:

  • Install Required Roles
  • Configure IIS
  • Enable Computer Browser Service

Install Required Roles

We will be installing the Application Server and IIS roles.  If I were installing this on a Windows Server 2008 system , I would have to install .NET Framework 4.0 BEFORE I installed these roles.

  • In Server Manager, on the Dashboard, select Add roles and features.
  • If prompted with a Before you begin screen, click Next.
  • On the Select installation type screen, ensure that Role-based or feature-based installation is selected, and then click Next.
  • Validate that the local server is selected on the Select destination server screen and then click Next.
  • On the Select server roles screen select Application Server and Web Server (IIS), click Add Features when prompted, and then click Next.
  • Click Next on the Select features screen.
  • Click Next on the Application Server screen.
  • On the Select role services screen, leave .NET Framework 4.5 enabled, select Web Server (IIS) Support, click Add Features when prompted, and then click Next.

AP App Server Role Services

  • Click Next on the Web Server (IIS) screen.
  • On the Select role services, leave all the defaults and then check the following: IIS 6 Management Compatibility (and all sub-features); Management Service; .NET Extensibility 3.5; ASP; ASP.NET 3.5; Application Initialization.  Click Next.  PS, don’t worry if you miss one, the installer will let you know!
  • Click Install on the Confirm installation selections screen.

Configure IIS

Since my installation was done on Windows Server 2012, there is an additional step that I need to take in order for App Portal to function properly.  If you recall, App Portal relies on Windows Authentication.  IIS 8 in Windows Server 2012 has this locked by default…. so we need to enable that.

  • Open Internet Information Services (IIS) Manager.
  • Expand Sites from under the computer name and then click on Default Web Site.
  • In the middle pane, under Management, double click Configuration Editor.
  • In Configuration Editor, in the Section drop down, select system.webServer > security > authentication > windowsAuthentication.
  • In the Actions pane, under Section, click Unlock Section.

AP IIS Configuration Editor

  • Close Internet Information Services (IIS) Manager.

Enable Computer Browser Service

The Computer Browser Service is used during installation to validate that the service account works properly.  Check to ensure that the service is running (services.msc).  If it is disabled, enable it for the installation.  If you are not able to enable this service, uncheck the “Verify” setting during that portion of the installation.

We will begin installing the App Portal environment in the next post!

Advertisements