Spencer Harbar
Designing, deploying and managing
Workflow Manager farms
About Spencer Harbar
Microsoft Certified Solutions Master | SharePoint
Microsoft Certified Architect | SharePoint 2010
Microsoft Certified Solutions Master | SharePoint Instructor & Author
Microsoft Certified Master | SharePoint 2010
Microsoft Certified Master | SharePoint 2007
Most Valuable Professional | SharePoint Server
SharePoint Patterns & Practices Advisory Board Member
Works with Microsoft’s largest enterprise customers
Works with SharePoint Product Group on Readiness
Author for MSDN & TechNet
Agenda
• Introduction to Workflow Manager
• Workflow Manager high level architecture
• Topology options
• Installation and configuration
• Business continuity management
Introduction to Workflow Manager
What is Workflow Manager?
• Formerly Azure Workflow Server/Services (AWS)
• Same “code base” as Windows Azure Service Bus
• Windows Workflow Foundation
• Scalable and reliable workflow engine
• REST based
• Multi-tenant capable
Comparing 2010 and 2013 Workflows
• SharePoint 2010
– Legacy approach
– Primarily for backwards compatibility (e.g. upgrade)
– Tightly coupled to SharePoint Servers
– In Process
– Declarative or custom code
– Available both in SharePoint Foundation and SharePoint Server
• SharePoint 2013
– Present and Future
– Decoupled from SharePoint, and supporting other consuming platforms
– Declarative only
– On Premises or Cloud
– Consistent with .NET Framework Workflow
– Much more capable
– App friendly
– Available in SharePoint Server only
Workflow Manager high level architecture
Architecture Overview
[Diagram labels: SharePoint (Content, Events, Sharing, People, 2010 Workflow, _API (REST OM)); Access Control; OAuth; Service Bus; Workflow Manager; Workflow Service Application Proxy; Workflow Services Manager (Instances, Interop, Deployment, Messaging); Workflow Client]
Workflow Manager – Front End / Back End
• Resource Management Services
• Workflow and Activity CRUD operations
• Instance Management Services
• Instance queries
• Application Events and Control Messages
• Workflow Host
• Service Bus
– Loosely coupled
Workflow Manager Client
• Microsoft.Workflow.Client.dll
• Manage workflows (“definitions”), monitor,
initiate, and communicate with instances
• Required on all SharePoint servers
– Handles communication with Workflow Manager
Workflow Service Application Proxy
• SharePoint construct
• Registered with PowerShell
• Broker for all calls to Workflow Manager
• Dependent upon Workflow Manager Client
Workflow Services Manager
• API for managing, monitoring
and interacting with workflows
– CSOM, JSOM, REST
– Instances: Access to running instances,
including sending messages
– Deployment: Saving/publishing/changing
workflow definitions, validating XAML, etc.
– Messaging: Handles how messages are sent
from SharePoint to Workflow Manager
– Interop: Interaction with 2010 workflow
Messaging
• Inbound notifications
– Start/stop workflow
– Events
– Management
– One-way only
• Outbound work
– REST/Web service calls
– Workflow Back-End destination
– GET, PUT, POST, DELETE, MERGE
• Outbound notifications
– RegisterInterest
– Confirmation
[Diagram labels: Message, Workflow Manager, Notification]
Topology Options
Topologies
• One or three servers
– NOT two, NOT four, NOT six, NOT eight….
– Service Bus and quorum implementation
• Each component must run on each server
– Workflow Manager and Service Bus
• There are NO other supported topologies
– A farm of two (or four, six etc) can of course be built, but it is NOT
supported
– And more importantly, it won’t provide high availability
Topologies: co-located
• Running Workflow Manager on adequately resourced Web
Servers in the SharePoint farm
– Carefully factor this into your overall farm topology design
[Diagram labels: Workflow Manager, Workflow Manager, Workflow Manager]
Topologies: Federated
• Workflow Manager farm serving multiple SharePoint Farms
[Diagram: Workflow Manager with Scope 1 (SP Farm 1) and Scope 2 (SP Farm 2)]
Topologies: ‘Distributed’
• Multiple Workflow Manager farms serving multiple SharePoint tenants
• And potentially SharePoint Farms
[Diagram: Workflow Manager with Scope 1 (SP Tenant 1) and Scope 2 (SP Tenant 2); Workflow Manager with Scope 1 (SP Tenant 3) and Scope 2 (SP Tenant 4); SP Tenant 1, SP Tenant 2, SP Tenant 3, SP Tenant 4]
Planning for performance and throughput
• Consider scale upfront
– Workflow expands rapidly
– New platform enables high scale but you need a
plan!
• Regularly occurring large loads
– Examples include expense reports, timesheets etc at
end of financial period
• Common gotcha: Network Interface
configuration
– Between SharePoint and Workflow Farms
– Between Workflow farms and external systems
Scaling out
• Multi-server farm
– Workload automatically distributed
– Load balancer for client interaction/REST calls
– Workflow Manager: Maximum of three servers
• Factors
– CPU – Workflow Manager, Service Bus, SQL
– I/O – SQL
– Network throughput & latency
• Scale SQL Server first
– Likely to be the first bottleneck
– Server distribution – Workflow Manager and Service Bus databases on different database servers
– SQL optimization (file I/O, sizing, etc)
– However keep it practical (!)
Installation and configuration
Hardware and Software Requirements
• Hardware
– Minimum RAM: 2Gb
– Minimum CPU: 2 GHz Dual Core
– Minimum Disk: 1Gb Free
• Operating System
– Windows Server 2008 R2 Service Pack 1 (x64)
– Windows Server 2012 (x64)
– Development purposes only:
• Windows 7 Service Pack 1 (x64)
• Windows 8 (x64)
Software Pre-requisites
• .NET Framework 4 Platform Update 3 or .NET
Framework 4.5
• PowerShell 3.0
• Service Bus 1.0
• Workflow Client 1.0
• Installed using Web Platform Installer (WebPI)
– Download can be “cached” and performed offline
SQL Server Requirements
• Versions and Editions
– SQL Server 2012 (or Express)
– SQL Server 2008 R2 SP1 (or Express)
• Configurations
– Collation: Default, SP, Binary
– Clustering
– Mirroring
– AlwaysOn
• Security
– Windows authentication
– SQL Server Authentication
Environment Requirements
• SQL Server connectivity
– TCP/IP
• SQL Browser service running on SQL Server
• Whilst stated, this is NOT actually a requirement!
– Named Pipes
• SQL Server machine name < 16 characters (NetBIOS restriction)
• Firewall
– Ports 1443, 12290 and 12291 available (default)
– Windows Firewall automatically configured if selected (default)
during Workflow Manager Farm creation
– Strongly recommended to use the default ports
User Requirements
• Configuration user
– The account used when configuring Workflow Manager
– Similar to the SharePoint “Setup User”
– Local Admin on servers
– DBCreator and SecurityAdmin (or pre-create)
– Also called “Logged In user” or “Current user” in some documentation
• RunAs user
– Service Account Identity
– Used for Workflow Manager & Service Bus services
– Can be a separate account for each
– Built-In accounts NOT supported
– Fully qualified UPN format ([email protected]) – this is NOT strictly required
– Granted Log on as a Service right during configuration
• Don’t use the same account for both!
Service Account Password Changes: Workflow Manager and Service Bus
• If Service Accounts are expired by policy:
– Using the Configuration Account, or other Workflow Manager and Service
Bus Administrator account
–
• Watch out! MSDN refers to interactively logging in as the service account!
– msdn.microsoft.com/en-us/library/windowsazure/jj193456(v=azure.10).aspx
– msdn.microsoft.com/en-us/library/windowsazure/jj193007(v=azure.10).aspx
SharePoint 2013 Requirements
• Interaction between SharePoint and Workflow Manager
farms is OAuth 2. Therefore requires:
– App Management Service Instance and Service Application
– User Profile Service Instance and Service Application
– Users must be populated in the Profile store
• and have valid User Principal Name (UPN)
• Workflow Manager validates users by UserPrincipalName
(UPN)
– Ensures they have rights to start instances
• If not, instance cancelled
• One of the reasons 2013 Workflows are not available in
SharePoint Foundation
Certificates
• OAuth2 should always be SSL
– Therefore the Workflow Manager Farm should use SSL
– Don’t forget the SharePoint side!
• Service Bus
– Farm Certificate
– Encryption Certificate
• Workflow Manager
– Services SSL Certificate
– Encryption Certificate
– Outbound Signing Certificate
Certificates - Choices
• Auto Generated
– Suitable for most deployments
– Provide Generation Key
– Required for every server to join Workflow Manager Farm
• Record this value!
– Configuration takes care of copying them/creating them
• Use existing (Domain CA Issued)
– Must be in the Local Machine\Personal certificate store for all computers in farm
– Administrator's responsibility to create them and copy them to each machine in the farm(s)
– Multi server farms must include a Subject Alternative Name for the DNS domain, e.g. *.fabrikam.com
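One way to audit the "Use existing (Domain CA Issued)" requirements before running configuration, as an added example that is not part of the original deck. The host names and DNS suffix are constructed placeholders, and the script assumes PowerShell remoting is enabled on each farm host and an English-language OS (the formatted SAN text is localized).

```powershell
# Added example: host names and DNS suffix below are constructed placeholders.
$farmHosts = 'wfm1.fabrikam.com', 'wfm2.fabrikam.com', 'wfm3.fabrikam.com'
$dnsDomain = '*.fabrikam.com'   # SAN expected on multi-server farms

# Runs on each host: inspect every certificate in Local Machine\Personal
$check = {
    param($expectedSan)
    Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
        $cert   = $_
        # Subject Alternative Name extension is OID 2.5.29.17
        $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $san    = if ($sanExt) { $sanExt.Format($false) } else { '' }
        [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            Subject       = $cert.Subject
            HasPrivateKey = $cert.HasPrivateKey
            Expired       = ($cert.NotAfter -lt (Get-Date))
            # Literal match, so the leading * is not treated as a wildcard
            SanMatches    = $san.Contains("DNS Name=$expectedSan")
        }
    }
}

$results = foreach ($h in $farmHosts) {
    Invoke-Command -ComputerName $h -ScriptBlock $check -ArgumentList $dnsDomain
}

# Keep only certificates that could actually be used on a host
$usable = $results | Where-Object {
    $_.HasPrivateKey -and -not $_.Expired -and $_.SanMatches
}

# A certificate is ready only if the same thumbprint is on every farm host
foreach ($g in ($usable | Group-Object Thumbprint)) {
    $present = $g.Group | ForEach-Object { $_.PSComputerName }
    $missing = $farmHosts | Where-Object { $present -notcontains $_ }
    [pscustomobject]@{
        Thumbprint   = $g.Name
        Subject      = $g.Group[0].Subject
        MissingOn    = ($missing -join ', ')
        ReadyForFarm = (-not $missing)
    }
}
```

An empty result means no certificate on any host meets all three conditions (private key present, not expired, SAN for the DNS domain).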
Installation
• Install and configure SharePoint farm
– Including Workflow Manager Client on every server
• Install and configure Workflow Manager farm
– Logged in as Configuration Account
– Web Platform Installer
http://bit.ly/WebPIWM
Offline Install
• On an Internet connected machine:
– Download and install WebPICmd.exe http://bit.ly/WebPIv4
– From an Administrator Command prompt:
• webpicmd /offline /Products:WorkflowManager /Path:c:\OfflineWorkflow
– Will download Workflow Manager and its pre-reqs to the specified folder
• Copy contents to intended Workflow Manager server
• On Workflow Manager Server(s):
– From an Administrator Command Prompt:
• WebpiCmd.exe /Install /Products:WorkflowManager /XML:c:\offlineWorkFlow\feeds\latest\webproductlist.xml
– To install Workflow Client (on SharePoint Servers):
• WebpiCmd.exe /Install /Products:WorkflowClient /XML:c:\offlineWorkFlow\feeds\latest\webproductlist.xml
Leaving a Farm
• Rename a Server
– Remove from Farm
– Rename Server
– Join back to Farm
• Reduce Farm to one Server
– Remove all machines (keep databases)
– Join existing farm from existing machine
Connecting to SharePoint
• MSMQ Configuration
– Optional Configuration
– Enables Asynchronous Event Messaging
– Supports disconnected scenarios (e.g.
maintenance windows in large environments)
– Enable MSMQ on SharePoint Servers
– In this case, Workflow Manager can NOT be co-located with SharePoint
• PowerShell
    $proxy = Get-SPWorkflowServiceApplicationProxy
    $proxy.AllowQueue = $true; $proxy.Update();
Validating install and configuration
• Get-SBFarmStatus & Get-WFFarmStatus
– Will report on Windows Services state and http(s) availability
– Windows Services:
• Workflow Manager Backend
• Service Bus Message Broker <- will often take a while to start
• Service Bus Gateway
• Windows Fabric Host Service
• SharePoint
– SharePoint Service Application Proxy
– SharePoint Designer Platform Type
– But neither validates it’s actually working!
– The ONLY way to properly test is to create, publish and execute a 2013 Workflow!
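A complementary check for the Windows Services listed above and for the RunAs rules on the "User Requirements" slide, as an added example that is not part of the original deck. Host names and the configuration account are constructed placeholders; the display names are the ones given on this slide, and the script assumes WMI access to each host.

```powershell
# Added example: host names and the configuration account are constructed placeholders.
$farmHosts     = 'wfm1', 'wfm2', 'wfm3'
$configAccount = 'FABRIKAM\wfmsetup'   # the "Configuration user"

# Display names as listed on the slide
$displayNames = 'Workflow Manager Backend', 'Service Bus Message Broker',
                'Service Bus Gateway', 'Windows Fabric Host Service'
# The slide scopes the RunAs user to the Workflow Manager and Service Bus services
$runAsScoped  = $displayNames | Where-Object { $_ -notlike 'Windows Fabric*' }
$builtIn      = 'LocalSystem', 'NT AUTHORITY\LocalService',
                'NT AUTHORITY\NetworkService'

$report = foreach ($h in $farmHosts) {
    $services = Get-WmiObject Win32_Service -ComputerName $h |
        Where-Object { $displayNames -contains $_.DisplayName }

    foreach ($name in $displayNames) {
        $svc    = $services | Where-Object { $_.DisplayName -eq $name }
        $scoped = $svc -and ($runAsScoped -contains $name)
        [pscustomobject]@{
            Host             = $h
            Service          = $name
            State            = if ($svc) { $svc.State } else { 'NotInstalled' }
            RunAs            = if ($svc) { $svc.StartName } else { $null }
            # Built-in accounts are NOT supported as the RunAs user
            BuiltInAccount   = [bool]($scoped -and ($builtIn -contains $svc.StartName))
            # The configuration user and the RunAs user should be different accounts.
            # Note: DOMAIN\user and user@domain forms of one account will not compare equal.
            SameAsConfigUser = [bool]($scoped -and ($svc.StartName -eq $configAccount))
        }
    }
}

# Show only rows that need attention
$report |
    Where-Object { $_.State -ne 'Running' -or $_.BuiltInAccount -or $_.SameAsConfigUser } |
    Format-Table -AutoSize
```

A clean report here says only that the services are running under acceptable identities; it does not replace publishing and executing a 2013 workflow as the end-to-end test.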
Demonstration
Workflow Manager
Business continuity management
High Availability
• Three servers required for high availability
– Also provides load balancing
• Scale SQL and SharePoint separately
Monitoring
• Workflow Manager Pack for SCOM
– http://www.microsoft.com/en-us/download/details.aspx?id=35384
Disaster Recovery overview
• Recovery
– Database restore
– Point-in-Time (temporally similar)
• Databases
– Workflow and Service Bus Farm Management
DBs not required
• Full farm or individual tenant (scope)
DR preparations – data tier
• Standard SQL techniques
– Mirroring
– Log Shipping
– Availability Groups
• Use standard SQL Backup and restore
– Service Bus and Workflow Manager have the required cmdlets
DR preparations – compute tier
• Cold Standby
– Create a new farm using SQL Backups, or
replicated data, and scripts
• Warm Standby
– Secondary farm, with compute nodes turned off
– Use scripts to resume standby farm
• Hot Standby
– Not supported
Disaster Recovery Requirements
• Symmetric Key
– Keep it in a safe place
– Without it you will NOT be able to restore
• Note time of “disruption”
– The approximate time is required to replay some
operations
• Databases
– All Service Bus and Workflow databases, except the two
Management databases, are required for a full
Workflow Manager restore operation
DR Scenarios 1/2
• Loss of one or more Workflow/Service Bus
databases
– Uninstall Workflow Manager
– Reinstall Workflow Manager
– Restore Database Backups
– Use the Service Bus/Workflow Restore Process and then
scale-out
• Loss of entire Workflow farm
– Restore databases
– Rebuild farm and use the Restore Process and then
scale-out
DR Scenarios 2/2
• Loss of a WF/SB server
– Install Workflow Manager on a new server
– Drop the Management Databases, use the Restore Process and then scale-out
– or
– Remove the old WF/SB Server and join a new one
• Loss of a Workflow Scope
– Restore Backup (do not overwrite)
– Use the Restore-WFScope cmdlet
Full Restore Process
• Restore Service Bus Farm
– Creates new SB Management database
– Use the same ports and configuration
– Use the Install account
• Restore Service Bus Gateway
• Restore Service Bus Message Container
– Specify the Id of the container
• Add Service Bus host to machine
• Configure Service Bus Namespace
– Using the original Symmetric key
Full Restore Process (cont.)
• Restore Workflow Farm
– Creates a new Management database
– Specify the time of disruption, used for consistency checks
– Verification log (relative path) contains warnings about “suspect” inflight workflows
• Add Workflow host to machine
• On host 2 and 3
– Add the Service Bus Host
– Add the Workflow Host
Applying Updates
• Co-ordinating updates between SharePoint
and Workflow Manager
– After applying updates, you should rerun
Register-SPWorkflowService with the -Force
switch.
– Adds a new deployment group
– Republishes any updated SharePoint activities
(in SharePoint update) to the Workflow
Manager farm
Wrap up
Summary
• Understand the Workflow Manager
architecture
• Configure and Deploy Workflow Manager
• Apply appropriate business continuity
strategies for Workflow Manager
Workflow Manager Articles
• Core Concepts, High Availability, Certificate and SharePoint considerations
http://www.harbar.net/articles/wfm1.aspx
• End to End Configuration using Auto Generated Certificates and NLB
http://www.harbar.net/articles/wfm2.aspx
• Switching an existing farm to use Domain CA issued certificates
http://www.harbar.net/articles/wfm3.aspx
• End to End Configuration using Domain CA issued certificates
http://www.harbar.net/articles/wfm4.aspx
• Workflow Manager Disaster Recovery – Preparations
http://www.wictorwilen.se/workflow-manager-disaster-recovery-–-preparations
THANK YOU