Designing, deploying, and managing Workflow Manager farms
SPC356
Spencer Harbar, Architect
Wictor Wilén, Architect
Introductions
  Wictor Wilén: Director, SharePoint Architect, Author. Connecta AB, Sweden
  Spencer Harbar: SharePoint Architect. Edinburgh, United Kingdom
  Honorable shout out and thanks to: Wayne Ewington, Principal Consultant, Microsoft New Zealand
Agenda
  Introduction to Workflow Manager
  Workflow Manager high level architecture
  Topology options
  Installation and configuration
  Business continuity management
What is Workflow Manager?
  Formerly Azure Workflow Server/Services (AWS)
  Same “code base” as Windows Azure Service Bus
  Windows Workflow Foundation
  .NET 4.5
  Scalable and reliable workflow engine
  REST based
  Multi-tenant capable
    logical construct of “scopes” provides partitioning
Comparing 2010 and 2013 Workflows
SharePoint 2010
  Legacy approach
  Primarily for backwards compatibility (e.g. upgrade)
  Tightly coupled to SharePoint Servers
  In Process
  Declarative or custom code
  Available both in SharePoint Foundation and SharePoint Server
SharePoint 2013
  Future
  Decoupled from SharePoint, and supporting other consuming platforms
  Declarative only
  On Premises or Cloud
  Consistent with .NET Framework Workflow
  Much more capable
  App friendly
  Available in SharePoint Server only
High level architecture
Architecture Overview
[Diagram labels: SharePoint (Content, Events, Sharing, People, 2010 Workflow, _API (REST OM)); Access Control; OAuth; Service Bus; Workflow Manager; Workflow Service Application Proxy; Workflow Services Manager (Instances, Interop, Deployment, Messaging); Workflow Client]
Workflow Manager – Front End / Back End
  Logically split into Front End and Back End
  Front End
    Resource Management Services
    Workflow and Activity CRUD operations
    Instance Management Services
    Instance queries
    Application Events and Control Messages
  Back End
    Workflow Host
    Service Bus
Service Bus
  Guaranteed message delivery
  Publish/Subscribe
  Loosely coupled
Workflow Manager Client
  Microsoft.Workflow.Client.dll
  Manage workflows (“definitions”), monitor, initiate, and communicate with instances
  Required on all SharePoint servers
  Handles communication with Workflow Manager
Workflow Service Application Proxy
  SharePoint construct
  Registered with PowerShell
  Broker for all calls to Workflow Manager
  Dependent upon Workflow Manager Client
Workflow Services Manager
  API for managing, monitoring and interacting with workflows – CSOM, JSOM, REST
  Instances: Access to running instances, including sending messages
  Deployment: Saving/publishing/changing workflow definitions, validating XAML, etc.
  Messaging: Handles how messages are sent from SharePoint to Workflow Manager
  Interop: Interaction with 2010 workflow
Messaging
  Inbound notifications
    Start/stop workflow
    Events
    Management
    One-way only
  Outbound work
    REST/Web service calls
    Workflow Back-End destination
    GET, PUT, POST, DELETE, MERGE
  Outbound notifications
    RegisterInterest
    Confirmation
[Diagram labels: Message, Notification, Workflow Manager]
Topologies
Topologies
  One or three servers
    NOT two, NOT four, NOT six, NOT eight….
    Service Bus and quorum implementation
  Each component must run on each server
    Workflow Manager and Service Bus
  There are NO other supported topologies
Remember! One or three servers!
  A farm of two (or four, six, etc.) can of course be built, but it is NOT supported
  And more importantly, it won’t provide high availability
Topologies: co-located
  Running Workflow Manager on adequately resourced Web Servers in the SharePoint farm
  Carefully factor this into your overall farm topology design
[Diagram labels: load balancer; three Workflow Manager nodes]
Topologies: Federated
  Workflow Manager farm serving multiple SharePoint Farms
[Diagram labels: load balancer; Workflow Manager with Scope 1 (SP Farm 1) and Scope 2 (SP Farm 2)]
Topologies: ‘Distributed’
  Multiple Workflow Manager farms serving multiple SharePoint tenants
  And potentially SharePoint Farms
[Diagram labels: load balancer; Workflow Manager with Scope 1 (SP Tenant 1) and Scope 2 (SP Tenant 2); Workflow Manager with Scope 1 (SP Tenant 3) and Scope 2 (SP Tenant 4); SP Tenant 1, SP Tenant 2, SP Tenant 3, SP Tenant 4]
Planning for performance and throughput
  Consider scale upfront
    Workflow expands rapidly
    New platform enables high scale but you need a plan!
  Regularly occurring large loads
    Examples include expense reports, timesheets, etc. at end of financial period
  Common gotcha: Network Interface configuration
    Between SharePoint and Workflow Farms
    Between Workflow farms and external systems
Scaling out
  Multi-server farm
    Workload automatically distributed
    Load balancer for client interaction/REST calls
    Workflow Manager: Maximum of three servers
  Factors
    CPU – Workflow Manager, Service Bus, SQL
    I/O – SQL
    Network throughput & latency
Scale SQL Server first
  Likely to be the first bottleneck
  Server distribution – Workflow Manager and Service Bus databases on different database servers
  SQL optimization (file I/O, sizing, etc.)
  However keep it practical (!) – REF Wictor’s topology session
Installation and Configuration
Hardware and Software Requirements
  Hardware
    Minimum RAM: 2Gb
    Minimum CPU: 2 GHz Dual Core
    Minimum Disk: 1Gb Free
  Operating System
    Windows Server 2008 R2 Service Pack 1 (x64)
    Windows Server 2012 (x64)
    Development purposes only:
      Windows 7 Service Pack 1 (x64)
      Windows 8 (x64)
Software Pre-requisites
  .NET Framework 4 Platform Update 3 or .NET Framework 4.5
  PowerShell 3.0
  Service Bus 1.0
  Workflow Client 1.0
  Installed using Web Platform Installer (WebPI)
    Download can be “cached” and performed offline
    More details later
SQL Server Requirements
  Versions and Editions
    SQL Server 2012 (or Express)
    SQL Server 2008 R2 SP1 (or Express)
  Configurations
    Collation: Default, SP, Binary
    Clustering
    Mirroring
    AlwaysOn
  Security
    Windows authentication
    SQL Server Authentication
Environment Requirements
  SQL Server connectivity
    TCP/IP
    SQL Browser service running on SQL Server
      Whilst stated, this is NOT actually a requirement!
    Named Pipes
    SQL Server machine name < 16 characters (NetBIOS restriction)
  Firewall
    Ports 1443, 12290 and 12291 available (default)
    Windows Firewall automatically configured if selected (default) during Workflow Manager Farm creation
    Strongly recommended to use the default ports
User Requirements
  Configuration user
    The account used when configuring Workflow Manager
    Similar to the SharePoint “Setup User”
    Local Admin on servers
    DBCreator and SecurityAdmin (or pre-create)
    Also called “Logged In user” or “Current user” in some documentation
  RunAs user
    Service Account Identity
    Used for Workflow Manager & Service Bus services
    Can be a separate account for each
    Built-In accounts NOT supported
    Fully qualified UPN format ([email protected]) – this is NOT strictly required
    Granted Log on as a Service right during configuration
  Don’t use the same account for both!
Service Account Password Changes
  Workflow Manager and Service Bus
  If Service Accounts are expired by policy:
    Using the Configuration Account, or other Workflow Manager and Service Bus Administrator account
  Watch out! MSDN refers to interactively logging in as the service account!
  msdn.microsoft.com/en-us/library/windowsazure/jj193456(v=azure.10).aspx
  msdn.microsoft.com/en-us/library/windowsazure/jj193007(v=azure.10).aspx
SharePoint 2013 Requirements
  Interaction between SharePoint and Workflow Manager farms is OAuth 2. Therefore requires:
    App Management Service Instance and Service Application
    User Profile Service Instance and Service Application
    Users must be populated in the Profile store and have valid User Principal Name (UPN)
  Workflow Manager validates users by UserPrincipalName (UPN)
    Ensures they have rights to start instances
    If not, instance cancelled
  One of the reasons 2013 Workflows are not available in SharePoint Foundation
Certificates
  OAuth2 should always be SSL
    Therefore the Workflow Manager Farm should use SSL
    Don’t forget the SharePoint side!
  Service Bus
    Farm Certificate
    Encryption Certificate
  Workflow Manager
    Services SSL Certificate
    Encryption Certificate
    Outbound Signing Certificate
Certificates - Choices
  Auto Generated
    Suitable for most deployments
    Provide Generation Key
      Required for every server to join Workflow Manager Farm
      Record this value!
    Configuration takes care of copying them/creating them
  Use existing (Domain CA Issued)
    Must be in the Local Machine\Personal certificate store for all computers in farm
    Administrator’s responsibility to create them and copy them to each machine in the farm(s)
    Multi server farms must include a Subject Alternative Name for the DNS domain, e.g. *.fabrikam.com
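A pre-flight check for the "use existing" certificate option, to run on every server before it joins the farm (an added example, not part of the original deck): it confirms the certificate is in Local Machine\Personal, has a private key, is within its validity period, and carries a Subject Alternative Name that covers the farm's DNS name. The thumbprint placeholder, the host name wfm.fabrikam.com and the helper Test-DnsNameMatch are assumptions made for illustration, and the "DNS Name=" label is what an English-language Windows prints.

```powershell
# Added example, not from the deck. Run on every server in the farm.
param(
    [string]$Thumbprint  = '<THUMBPRINT-PLACEHOLDER>',  # replace with your certificate's thumbprint
    [string]$FarmDnsName = 'wfm.fabrikam.com'            # constructed name under the deck's *.fabrikam.com
)

function Test-DnsNameMatch([string]$Pattern, [string]$Name) {
    # A wildcard covers exactly one left-most label:
    # *.fabrikam.com matches wfm.fabrikam.com, not a.b.fabrikam.com or fabrikam.com.
    if ($Pattern.StartsWith('*.')) {
        $dot = $Name.IndexOf('.')
        return ($dot -gt 0) -and ($Name.Substring($dot + 1) -ieq $Pattern.Substring(2))
    }
    return $Pattern -ieq $Name
}

# Strip anything that is not a hex digit (pasted thumbprints often carry hidden characters).
$wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $wanted }
if (-not $cert) {
    Write-Error "Certificate $wanted is not in LocalMachine\My on $env:COMPUTERNAME"
    return
}

# Subject Alternative Name extension (OID 2.5.29.17). Format() returns text such as
# "DNS Name=*.fabrikam.com, DNS Name=..." on an English-language OS (the label is localized).
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$dnsNames = @()
if ($sanExt) {
    $dnsNames = [regex]::Matches($sanExt.Format($false), 'DNS Name=([^,\s]+)') |
        ForEach-Object { $_.Groups[1].Value }
}

$now = Get-Date
[pscustomobject]@{
    Server        = $env:COMPUTERNAME
    Subject       = $cert.Subject
    HasPrivateKey = $cert.HasPrivateKey
    InValidity    = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
    SanDnsNames   = $dnsNames -join ', '
    CoversFarmDns = [bool]($dnsNames | Where-Object { Test-DnsNameMatch $_ $FarmDnsName })
}
```

Any server that reports False for HasPrivateKey, InValidity or CoversFarmDns needs the certificate reissued or reimported before it is added to the farm.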
Installation
  Install and configure SharePoint farm
    Including Workflow Manager Client on every server
  Install and configure Workflow Manager farm
    Logged in as Configuration Account
    Web Platform Installer
    http://bit.ly/WebPIWM
Offline Install
  On an Internet connected machine:
    Download and install WebPICmd.exe http://bit.ly/WebPIv4
    From an Administrator Command prompt:
      webpicmd /offline /Products:WorkflowManager /Path:c:\OfflineWorkflow
    Will download Workflow Manager and its pre-reqs to the specified folder
    Copy contents to intended Workflow Manager server
  On Workflow Manager Server(s):
    From an Administrator Command Prompt:
      WebpiCmd.exe /Install /Products:WorkflowManager /XML:c:\offlineWorkFlow\feeds\latest\webproductlist.xml
  To install Workflow Client (on SharePoint Servers):
      WebpiCmd.exe /Install /Products:WorkflowClient /XML:c:\offlineWorkFlow\feeds\latest\webproductlist.xml
Configuration Wizard
  Start | All Programs | Workflow Manager 1.0 | Workflow Manager Configuration
  Supported screen resolutions:
    Above 800 x 600 for 100% DPI
    Above 1000 x 750 for 125 % DPI
    Above 1200 x 900 for 150 % DPI
  (seemingly irrelevant detail important in RDP scenarios!)
Leaving a Farm
  Rename a Server
    Remove from Farm
    Rename Server
    Join back to Farm
  Reduce Farm to one Server
    Remove all machines (keep databases)
    Join existing farm from existing machine
Connecting to SharePoint
  MSMQ Configuration
    Optional Configuration
    Enables Asynchronous Event Messaging
    Supports disconnected scenarios (e.g. maintenance windows in large environments)
    Enable MSMQ on SharePoint Servers
    In this case, Workflow Manager can NOT be co-located with SharePoint
  PowerShell
    $proxy = Get-SPWorkflowServiceApplicationProxy
    $proxy.AllowQueue = $true
    $proxy.Update()
Validating install and configuration
  Get-SBFarmStatus & Get-WFFarmStatus
    Will report on Windows Services state and http(s) availability
    Windows Services:
      Workflow Manager Backend
      Service Bus Message Broker <- will often take a while to start
      Service Bus Gateway
      Windows Fabric Host Service
  SharePoint
    SharePoint Service Application Proxy
    SharePoint Designer Platform Type
  But neither validates it’s actually working!
  The ONLY way to properly test is to create, publish and execute a 2013 Workflow!
Demo
  Creating a new Workflow Manager Farm
  Connecting to SharePoint
Business Continuity Management
Fault Tolerance
  Points of Failure
  Manual Workflow Start
    SharePoint Workflow Manager
    20 seconds
  Event Notification
    Workflow auto-start or mid-processing event
    SharePoint Workflow Manager:
      Will survive a server crash (durably stored)
      Content DB – Event Cache table
      Processed when another workflow event happens
  Workflow Backend processing
    Service bus retries
    Once message is stored by Service Bus, processing is “guaranteed”
    SQL Server as durable message storage
Fault Tolerance
  Service Bus
    Messages are read and locked for a defined period of time
      Default = 45 seconds
      Other consumers cannot retrieve the message
        On same subscription
    Peek/Lock Read
      Reads and locks the message until it is deleted or lock duration expires
      Guarantees at-least once delivery of message
    Unlock Message
      Abandons processing
Fault Tolerance
  Service Bus
    Once message retrieved, one of four things can happen
    1. Complete – consuming application successfully completes processing the message so it is deleted from SB
       Workflow does this when the workflow persists
    2. Abandon – consuming application discards the message so it is available for other consumers
       Workflow does this when an exception is thrown and caught during processing
    3. Renew – consuming application needs more time to process the message
       Workflow does this automatically for long-running operations via a background thread
       Not as relevant to SharePoint style workflows
    4. Expire – consuming application does not do one of the above before the lock time runs out. Message is now available to be picked up and processed again
       E.g. Process crash
       Message will be retried
Persistence Points
  Persistence = Workflow state recorded in DB
  Message transaction completed and message deleted from DB
  Happens on
    Any outbound call
    Delay activity/action
High Availability
  Three servers required for high availability
    Also provides load balancing
  Scale SQL and SharePoint separately
Monitoring
  Workflow Manager Pack for SCOM
  http://www.microsoft.com/en-us/download/details.aspx?id=35384
Disaster Recovery overview
  Recovery
    Database restore
    Point-in-Time (temporally similar)
  Databases
    Workflow and Service Bus
    Farm Management DBs not required
  Full farm or individual tenant (scope)
DR preparations – data tier
  Standard SQL techniques
    Mirroring
    Log Shipping
    Availability Groups
  Use standard SQL Backup and restore
    Service Bus and Workflow Manager have the required cmdlets
DR preparations – compute tier
  Cold Standby
    Create a new farm using SQL Backups, or replicated data, and scripts
  Warm Standby
    Secondary farm, with compute nodes turned off
    Use scripts to resume standby farm
  Hot Standby
    Not supported
Disaster Recovery Requirements
  Symmetric Key
    Keep it in a safe place
    Without it you will NOT be able to restore
  Note time of “disruption”
    The approximate time is required to replay some operations
  Databases
    All Service Bus and Workflow databases, except the two Management databases, are required for a full Workflow Manager restore operation
DR Scenarios 1/2
  Loss of one or more Workflow/Service Bus databases
    Uninstall Workflow Manager
    Reinstall Workflow Manager
    Restore Database Backups
    Use the Service Bus/Workflow Restore Process and then scale-out
  Loss of entire Workflow farm
    Restore databases
    Rebuild farm and use the Restore Process and then scale-out
DR Scenarios 2/2
  Loss of a WF/SB server
    Install Workflow Manager on a new server
      - Drop the Management Databases, use the Restore Process and then scale-out
      - or -
      Remove the old WF/SB Server and join a new one
  Loss of a Workflow Scope
    Restore Backup (do not overwrite)
    Use the Restore-WFScope cmdlet
Full Restore Process
  Restore Service Bus Farm
    Creates new SB Management database
    Use the same ports and configuration
    Use the Install account
  Restore Service Bus Gateway
  Restore Service Bus Message Container
    Specify the Id of the container
  Add Service Bus host to machine
  Configure Service Bus Namespace
    Using the original Symmetric key
Full Restore Process (cont.)
  Restore Workflow Farm
    Creates a new Management database
    Specify the time of disruption, used for consistency checks
    Verification log (relative path) contains warnings about “suspect” inflight workflows
  Add Workflow host to machine
  On host 2 and 3
    Add the Service Bus Host
    Add the Workflow Host
Applying Updates
  Co-ordinating updates between SharePoint and Workflow Manager
  After applying updates, you should rerun Register-SPWorkflowService with the -Force switch.
    Adds a new deployment group
    Republishes any updated SharePoint activities (in SharePoint update) to the Workflow Manager farm
Wrap Up
Session Objectives and Takeaways
  Understand the Workflow Manager architecture
  Configure and Deploy Workflow Manager
  Apply appropriate business continuity strategies for Workflow Manager
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.