SharePoint Workflow Manager quick review and setup guide

What is Workflow Manager

  • Formerly Azure Workflow Server/Services (AWS)
    – Same “code base” as Windows Azure Service Bus
  • Windows Workflow Foundation – .NET 4.5
  • Scalable and reliable workflow engine
  • REST based
  • Multi-tenant capable – logical construct of “scopes” provides partitioning

SharePoint 2013 Workflow Manager in comparison with 2010

  • Future of WF
  • Decoupled from SharePoint, and supporting other consuming platforms
  • Declarative only
  • On Premises or Cloud
  • Consistent with .NET Framework Workflow
  • Much more capable
  • App friendly
  • Available in SharePoint Server only

Topologies

One or three servers (Service Bus and quorum implementation)

What is Workflow Manager

  • Formerly Azure Workflow Server/Services (AWS)
    – Same “code base” as Windows Azure Service Bus
  • Windows Workflow Foundation – .NET 4.5
  • Scalable and reliable workflow engine
  • REST based
  • Multi-tenant capable – logical construct of “scopes” provides partitioning

SharePoint 2013 Workflow Manager in comparison with 2010

  • Future of WF
  • Decoupled from SharePoint, and supporting other consuming platforms
  • Declarative only
  • On Premises or Cloud
  • Consistent with .NET Framework Workflow
  • Much more capable
  • App friendly
  • Available in SharePoint Server only

Topologies

One or three servers (Service Bus and quorum implementation)

  • Co-located – Running Workflow Manager on adequately resourced Web Servers in the SharePoint farm – Carefully factor this into your overall farm topology design
  • Dedicated – One Workflow farm serves one SharePoint farm
  • Federated – Workflow Manger farm serving multiple SharePoint Farms (be careful of DR complexity)
  • ‘Distributed’ – Multiple Workflow Manger farms serving multiple SharePoint tenants (And potentially SharePoint Farms)

Scaling out

Multi-server farm: Workload automatically distributed; Load balancer for client interaction/REST calls; Workflow Manager: Maximum of three servers;

Factors:CPU – Workflow Manager, Service Bus, SQL; I/O – SQL; Network throughput & latency;

Scale SQL Server first: Likely to be the first bottleneck; Server distribution (Workflow Manager and Service Bus databases on different database servers); SQL optimization (file I/O, sizing, etc);

However keep it practical (!) – REF Wictor’s topology sesion (Real-world SharePoint architecture decisions)

Installation and Configuration

Hardware and Software Requirements

Hardware:

  • Minimum RAM: 2Gb
  • Minimum CPU: 2 GHz Dual Core
  • Minimum Disk: 1Gb Free

Operating System:

  • Windows Server 2008 R2 Service Pack 1 (x64)
  • Windows Server 2012 (x64)
  • Development purposes only:
  • Windows 7 Service Pack 1 (x64)
  • Windows 8 (x64)

Software Pre-requisites

  • .NET Framework 4 Platform Update 3 or .NET Framework 4.5 (.NET Framework 3.5 ???)
  • PowerShell 3.0
  • Service Bus 1.0
  • Workflow Client 1.0

Installed using Web Platform Installer (WebPI). Offline installation possible with WebpiCmd.exe

SQL Server Requirements

Versions and Editions

  • SQL Server 2012 (or Express)
  • SQL Server 2008 R2 SP1 (or Express)

Configurations

  • Collation: Default, SP, Binary
  • Clustering
  • Mirroring
  • AlwaysOn

Security

  • Windows authentication
  • SQL Server Authentication

Environment Requirements

SQL Server connectivity

  • TCP/IP
  • SQL Browser service running on SQL Server (Whilst stated, this is NOT actually a requirement!)
  • Named Pipes
  • SQL Server machine name < 16 characters (NetBIOS restriction)

Firewall

  • Ports 1443, 12290 and 12291 available (default)
  • Windows Firewall automatically configured if selected (default) during Workflow Manager Farm creation
  • Strongly recommended to use the default ports

User (Account) Requirements

Configuration user (Setup User)
The account used when configuring Workflow Manager, similar to the SharePoint “Setup User”.
Local Admin on servers; DBCreator and SecurityAdmin (or pre-create).
Also called “Logged In user” or “Current user” in some documentation
RunAs user(s)
Service Account Identity. Used for Workflow Manager & Service Bus services. Can be a separate account for each service. Built-In accounts NOT supported.
Fully qualified UPN format (user@domain.com) – this is NOT strictly required.
Granted Log on as a Service right during configuration.

SharePoint 2013 Requirements

Interaction between SharePoint and Workflow Manager farms is OAuth 2. Therefore requires:

  • App Management Service Instance and Service Application
  • User Profile Service Instance and Service Application
  • Users must be populated in the Profile store and have valid User Principal Name (UPN)

Workflow Manager validates users by UserPrincipalName (UPN). Ensures they have rights to start instances. If not, instance cancelled.

Certificates

OAuth2 should always be SSL
Therefore the Workflow Manager Farm should use SSL.   Don’t forget the SharePoint side!
Service Bus: Farm Certificate, Encryption Certificate
Workflow Manager: Services SSL Certificate, Encryption Certificate, Outbound Signing Certificate

Auto Generated
Suitable for most deployments
Provide Generation Key
Required for every server to join Workflow Manager Farm. (Record this value!)
Configuration takes care of copying them/creating them

Use existing (Domain CA Issued)
Must be in the Local MachinePersonal certificate store for all computers in farm
Administrators responsibility to create them and copy them to each machine in the farm(s)
Multi server farms must include a Subject Alternative Name for the DNS domain, e.g. *.fabrikam.com

Installation (offline) step-by-step

Ensure hardware/software requirements. Ensure/configure your server (time, time zone, IP, hostname, domain, language, region, ESC, updates, event log).

Accounts you need (for example):

  • Svc-WFM-FarmAdm – domain users + local admin on WFM Servers, DBCreator and SecurityAdmin on SQL
  • Svc-WFM-SBAcc – domain users
  • Svc-WFM-WFAcc – domain users

DNS: wfm.contoso.kz points to Workflow Manager Server (or load-balancer)

On an Internet connected machine:

  • Download and install WebPICmd.exe  http://bit.ly/WebPIv4
  • From an Administrator Command prompt:
    webpicmd.exe /AcceptEULA /offline /Products:WorkflowManager /Path:c:OfflineWorkflow
    (Will download Workflow Manager and it’s pre-reqs to the specified folder)

Copy contents “c:OfflineWorkflow” to intended servers.

On SharePoint Servers:

  • enshure updates (run psconfig)
  • Start Microsoft SharePoint Foundation Subscription Settings Service
  • Start App Management Service

Run Powershell commands (admin):

$account = Get-SPManagedAccount "domainSvc-SP15-SvcApplP"
$sssdbname = "SP15_SubscriptionSettingsService"
$appsvcdbname = "SP15_AppManagementService"
# SubscriptionSettingsServiceApplication
$appPoolSubSvc = New-SPServiceApplicationPool -Name SubscriptionSettingsServiceAppPool -Account $account
$appSubSvc = New-SPSubscriptionSettingsServiceApplication -ApplicationPool $appPoolSubSvc -Name SubscriptionSettingsServiceApp -DatabaseName $sssdbname
$proxySubSvc = New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $appSubSvc
#  App Management service
$appPoolAppSvc = New-SPServiceApplicationPool -Name AppServiceAppPool -Account $account
$appAppSvc = New-SPAppManagementServiceApplication -ApplicationPool $appPoolAppSvc -Name AppManagementService -DatabaseName $appsvcdbname
$proxyAppSvc = New-SPAppManagementServiceApplicationProxy -ServiceApplication $appAppSvc

From an Administrator Command Prompt::
install WebPICmd.exe
WebpiCmd.exe /Install /Products:WorkflowClient  /XML:c:offlineWorkFlowfeedslatestwebproductlist.xml /AcceptEULA

restart-computer, Updates, Event Viewer

On Workflow Manager Server(s), From an Administrator Command Prompt:

add .NET 3.5 feature
install WebPICmd.exe
WebpiCmd.exe /Install /Products:WorkflowManager /XML:c:offlineWorkFlowfeedslatestwebproductlist.xml /AcceptEULA
cliconfg – set SQL Server Alias
consider admins (privileged) group
Configuration Wizard: Start | All Programs | Workflow Manager 1.0 | Workflow Manager Configuration
Store cert gen key
 

Validating install and configuration

Get-SBFarmStatus & Get-WFFarmStatus: Will report on Windows Services state and http(s) availability

Windows Services:

  • Workflow Manager Backend
  • Service Bus Message Broker      <- will often take a while to start
  • Service Bus Gateway
  • Windows Fabric Host Service

Certificates:

On SharePoint servers:
Open “https://wfm.contoso.kz:12290”, save certificate, then:
$trustCert=Get-PfxCertificate “C:Distrswfm.cer”
New-SPTrustedRootAuthority -Name “Workflow Manager Farm” -Certificate $trustCert

From IIS export certificate, copy file to WFM servers, On WFM servers: add to trusted…

Register-SPWorkflowService :

On SharePoint servers:
Register-SPWorkflowService -SPSite “https://sharepoint.contoso.com” -WorkflowHostUri “https://wfm.contoso.com:12290”

 

Federated WFM Topology

If you want multiple SharePoint 2013 farms to use the same Workflow farm (Federated WFM Topology)
… you should use the ScopeName parameter of the Register-SPWorkflowService cmdlet.
That parameter will create a new Scope in the Workflow farm, and with that create an isolated container for this new SharePoint farm.
Some people say in this case -Force parameter needed.
So on our second farm we run this PowerShell cmdlet:

1
2
3
4
Register-SPWorkflowService
    -SPSite https://farmb.corp.local
    -WorkflowHostUri https://wffarm.corp.local:12290
    -ScopeName FarmB
-Force

 

Workflow Manager Business Continuity Management

Service Account Password Changes

Workflow Manager and Service Bus.If Service Accounts are expired by policy. Using the Configuration Account, or other Workflow Manager and Service Bus Administrator account.

$newPassword = ConvertTo-SecureString -String "NewPassword" -AsPlainText -Force

# to run on each host of the Service Bus farm
Stop-SBHost -Verbose
Update-SBHost -RunAsPassword $newPassword -Verbose
Start-SBHost -Verbose
# to run on each host of the Workflow manager Farm
Stop-WFHost -Verbose
Update-WFHost -RunAsPassword $newPassword -Verbose
Start-WFHost -Verbose

Rename a Server

  • Remove from Farm
  • Rename Server
  • Join back to Farm

Reduce Farm to one Server

  • Remove all machines (keep databases)
  • Join existing farm from existing machine

Workflow manager Step-By-Spep Setup Guide

==============

sources: