Deploy a WES
In the following procedures, you will deploy a Well-Enabled
Service (WES). These procedures can be used to deploy any of the
Well-Enabled Services available with this kit. Server names used in
these procedures follow the conventions established in the
associated Microsoft Solutions for Hosters. See the following list
for additional details about the solutions upon which each WES
depends:
Note
A WES must be deployed on a server that has been preconfigured
as a Microsoft Provisioning System (MPS) client.
Procedure CSFINT.1: To
install Web Service Enhancements (WSE) 3.0
- Log on to PROV01 as a member of the Domain Admins group.
- Launch Microsoft Internet Explorer and navigate to
Web Services Enhancements (WSE).
- Follow the instructions for downloading and installing WSE
3.0.
Procedure CSFINT.2: To
install a Well-Enabled Service
- Log on to PROV01 as a member of the Domain Admins group.
- Copy the Connected Services Framework (CSF) Integration Kit
installer, CSFKIT.msi, to PROV01.
- Double-click CSFKIT.msi, and then click Next
to begin the installation process.
- On the License Agreement page, choose
I accept the terms in the license agreement, and
then click Next.
- Fill out the Customer Information form, and
then click Next.
- On the Setup Type page, select the
Custom option, and then click
Next.
Note
Leave Complete selected if you want to install
all WESes and the WES Generator at once. You must have Microsoft
Visual Studio 2005 installed on PROV01 to be able to install the
WES Generator.
- On the Custom Setup page, click the drive icon
to the left of any components you do not want to install, select
Entire feature will be unavailable, and then click
Next.
- On the Ready to Install the Program page,
click Install.
- On the Installer Wizard Completed page, click
Finish.
Note
The following procedure only needs to be performed once per
domain.
Procedure CSFINT.3: To
create a Well-Enabled Service application pool account
- Log on to AD01 using an account that is a member of the Domain
Administrators group.
- On the taskbar, click Start, point to
Administrative Tools, and then click
Active Directory Users and Computers.
- Right-click Users, point to
New, and then click User.
- In the New Object-User dialog box, type
MPSWesAppPoolAcct as the First
name and the User logon name, and then
click Next.
- In the next New Object - User dialog box,
clear the User must change password at next logon
check box. Enter the password twice, and then select
Password never expires.
Note
The service account cannot have a blank password or a password
that will expire.
- Click Next. Verify the information you have
entered, and then click Finish.
- In Active Directory Users and Computers,
select Users organizational unit (OU), and then,
in the right pane, double-click the
MPSWesAppPoolAcct account.
- Select the Member Of tab, and then click
Add.
- In the Name field, type
MPFClientAccts, and then click
OK.
- Click OK.
Procedure CSFINT.4: To add
the MPSWesAppPoolAcct to the IIS_WPG group
- Log on to PROV01 as a member of the Domain Admins group.
- On the taskbar, click Start, point to
Administrative Tools, and then click
Computer Management.
- Expand System Tools, expand Local
Users and Group, and then click
Groups.
- In the Group list in the right-hand pane,
right-click IIS_WPG (IIS Worker Process
Group).
- Click Add to Group.
- Click Add.
- Type Fabrikam\MPSWesAppPoolAcct. Click
OK, and then click OK again.
In the following procedure, you will configure the
MPSWesAppPoolAcct with permissions to the registry. This allows the
WES to raise application events when the
Microsoft.Practices.Enterprise.Logging features are enabled via the
Web.Config file.
Procedure CSFINT.5: To
configure the MPSWesAppPoolAcct for event logging
- On PROV01, click Start, click
Run, and then type Regedit. Click
OK.
- In the Registry Editor, expand
HKEY_LOCAL_MACHINE, expand SYSTEM
, expand CurrentControlSet, expand
Services, and then expand
Eventlog.
- Right-click the EventLog key, and then choose
Permissions.
- Click the Add button.
- Type Fabrikam\MPSWesAppPoolAcct, and then
click OK.
- Ensure that Allow permission is selected for
Full Control, and then click
OK.
- Close the Registry Editor.
Procedure CSFINT.6: To
create an application pool for the WES
- Log on to PROV01 as a member of the Domain Admins group.
- Click Start, point to Administrative
Tools, and then click Internet Information
Services (IIS) Manager.
- Right-click Application Pools, click
New, and then select Application
Pool.
- In Application pool ID, type
MPSWesAppPool, and then click
OK.
- Right-click the new application pool, and then select
Properties.
- Click the Identity tab, and then choose the
Configurable option.
- In User name, type
Fabrikam\MPSWesAppPoolAcct.
- In Password, enter the password you set when
creating the MPSWesAppPoolAcct. Enter the password again when
prompted, and then click OK.
Note
IIS does not confirm that the password you entered is correct
for the MpsWesAppPoolAcct. If your application pool fails to
function, an incorrect password may be the problem.
Perform the following procedure once for each WES you plan to
deploy.
Procedure CSFINT.7: To
configure each WES Virtual Directory
- Log on to PROV01 as a member of the Domain Admins group.
- Click Start, point to Administrative
Tools, and then click to Internet Information
Services (IIS).
- Click PROV01, expand Web
Sites, and then click Default Web
Site.
- Right-click the WESname virtual directory, and then
select Properties.
- On the Virtual Directory tab, select
MPSWesAppPool from the Application
Pool drop-down list.
- Select the ASP.NET tab, and then select the
2.0.* version from the ASP.NET version list.
- Click Apply, and then click
OK.
Notes
- The Well-Enabled Services described in this kit support
anonymous access with MPS credentials passed in Simple Object
Access Protocol (SOAP) messages. It is critical that you secure
this communication channel by installing a Secure Sockets Layer
(SSL) certificate on the Web server and requiring secure
communications between all calling systems and the server hosting
these pages. To learn how to install an SSL Certificate, see
Enable Secure Sockets Layer.
- Alternatively, the user can use Web Services Enhancements 3.0
(WSE) security - for instance, using X509 certificates. Review the
WSE 3.0 documentation supplied with the WSE 3.0 distribution you
downloaded in the To install Web Service Enhancements (WSE) 3.0
procedure earlier in this topic.
- The Well-Enabled Services described in this kit each have a
policyCache.config file that is utilized to configure WSE
features.