You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 12
Next »
OS Requirements
- 64-bit edition of Windows Server 2008 R2 Service Pack 1 (SP1) Standard, Enterprise, or Datacenter
- Or 64-bit edition of Windows Server 2012 Standard or Datacenter
Requirements by Component
Notification Service
Aspire BDC Service
In Windows Server 2008 R2 SP1
- IIS Server role
- Common HTTP Features
- Static Content
- Default Document
- Directory Browsing
- HTTP Errors
- HTTP Redirection
- Application Development
- ASP.Net
- .Net Extensibility
- ISAPI Extensions
- ISAPI Filters
- Security
- Basic Authentication
- Windows Authentication
- Digest Authentication
- Client Certificate Mapping Authentication
- IIS Client Certificate Mapping Authentication
- URL Authorization
- Request Filtering
- IP and Domain Restrictions
- Management Tools
- IIS Management Console
- IIS Management Scripts and Tools
- Management Service
- Application Server role
- All role features (confirm all dependencies)
- Microsoft .NET Framework version 4.5
In Windows Server 2012
- IIS Server role
- Common HTTP Features
- Static Content
- Default Document
- Directory Browsing
- HTTP Errors
- HTTP Redirection
- Application Development
- ASP.Net 3.5
- ASP.Net 4.5
- .Net Extensibility 3.5
- .Net Extensibility 4.5
- ISAPI Extensions
- ISAPI Filters
- Server Side Includes
- Security
- Basic Authentication
- Windows Authentication
- Digest Authentication
- Client Certificate Mapping Authentication
- IIS Client Certificate Mapping Authentication
- URL Authorization
- Request Filtering
- IP and Domain Restrictions
- Management Tools
- IIS Management Console
- IIS Management Scripts and Tools
- Management Service
- Application Server role (confirm all dependencies)
- .Net Framework 4.5
- TCP Port Sharing
- Web Server (IIS) support
- Windows Process Activation Service Support
- Named Pipes Activation
- HTTP Activation
- TCP Activation
User Account Requirements
To run the deploy scripts use an account with the following requirements:
- Domain user.
- Member of the Administrators user group.
The following are the user requirements for each component of the Endpoint:
- Domain user
- Member of AspireUsers user group
Aspire BDC Service
- Domain user
- Member of AspireUsers user group
Notification Service
- Domain user
- Member of AspireUsers user group
- SharePoint Shell Admin (user who has SharePoint_Shell_Access role in farm configuration database, and member of WSS_Admin_WPG group)
- The SharePoint Application Pool Account has to be Search Service Application administrator
- Default content access account
- BDC Service Application administrator
- BDC Metadata Store Permissions:
- Edit
- Execute
- Selectable in Clients
- Set Permissions
- “WSS_Content_Application_Pools” administration content database role.
Manually add user permissions
- Make the SharePoint Application Pool account a Search Service Application administrator:
- Central Admin -> Application Management -> Manage Service Applications.
- Select “Search Service Application” row (not the link).
- Click on the “Administrators” button on the ribbon.
- Add the user and give it “Full Control” permissions.
- Make the user the Default content access account:
- Go to Central Admin -> Application Management -> Manage Service Applications -> Search Service Application.
- Click the current access account.
- Enter the new account credentials
- Make the user a Business Data Connectivity Service administrator:
- Central Admin -> Application Management -> Manage Service Applications.
- Select “Business Data Connectivity Service” row (not the link).
- Click on the “Administrators” button on the ribbon.
- Add the user and give it “Full Control” permissions.
- Give the user Metadata Store permissions:
- Central Admin -> Application Management -> Manage Service Applications -> Business Data Connectivity Service.
- On the ribbon, select "Set Metadata Store Permissions".
- Add the user and select all the permissions.
- Click OK.
- Add administration content database role membership:
- Add database role membership “WSS_Content_Application_Pools” of SharePoint_AdminContent_<GUID> to Notification Endpoint app pool user:
- For search databases, confirm that you have the SPSearchDBAdmin database role. This should be added to the account you set up as the Search Service Application administrator, if not, add them manually.
- To access the list of database roles on SQLSERVER:
- Open the SQL Server Management Studio.
- Go to Security -> Logins.
- Right click on the user and select Properties.
- Select "User Mappings".
Security Pre-Trimmer
The Security PreTrimmer requires that the user identity sent to it contains at least one of the following claim types:
- claims/userlogonname: This is for windows authentication. The pretrimmer will use this value to send it to the Aspire Group Expansion.
- claims/primarysid: This is for other types of authentication (e.g. ADFS). The pretrimmer will take the primary SID value and translate it into a valid user id to send it to the Aspire Group Expansion.
SharePoint 2013 Aspire Components Installation
This describes the steps needed for installing the various Aspire components of the SharePoint 2013 Publisher Endpoint.
This installation is done through a powershell script that will setup and configure the following components:
- Intermediate Repository. Shared folder created to be used as a SharePoint External Source.
- (IIS Service) Aspire Service. Acts as a data source for the Aspire ECT.
- Reads XML files from the Repository using a separate timestamp file to managed updated content.
- Protected using NTLM authentication mechanism.
- Any user accessing this service must be member of the AspireUsers Active Directory or local Windows group.
- (SharePoint Solution) Notification Endpoint. Receives requests for crawling the Aspire Content Source.
- Creates the Content Source specific directory in the publisher file share.
- Creates the Search Service Application Content Source.
- Creates the BDC Model and External Content Type (ECT) in SharePoint Business Data Connectivity Services.
- Security Trimmer. Used to enhance the search query in SharePoint Search using group expansion from Aspire.
- Error Crawl Logs. Used to get crawled document logs from a content source.
Publisher Installation
Single Server Installation
- Download the latest version of the installation files from our repository
- Log in to a SharePoint 2013 server
- Copy the installation package (Deploy file) to that server
- Extract it to some directory (i.e.: C:\Deploy)
- Fill up the configurationParameters.xml
- Start PowerShell as administrator
- cd to scripts directory (cd “C:\Deploy\scripts”)
Run
.\DeployPublisher.ps1 -configurationFilePath ..\config\configurationParameters.xml
(Optional) Install the Security Trimmer. Run
.\DeployAspireSecurityTrimmer.ps1 -configurationFilePath ..\config\configurationParameters.xml
- Reboot the server to ensure security group memberships are updated
- Deploy and configure Aspire component (SharePoint 2013 Publisher Configuration Tutorial)
Multi-Server Installation
- Install the intermediate repository
- Log in to the server that you plan to install the intermediate repository
- Copy the installation package Deploy File to that server
- Extract it to some directory (C:\DeployRepository)
- Fill up the configurationParameters.xml
- Start PowerShell as administrator
- cd to scripts directory (cd “C:\ DeployRepository\scripts”)
Run
.\DeployIntermediateRepository.ps1 -configurationFilePath ..\config\configurationParameters.xml
- Reboot the server to ensure security group memberships are updated
- Deploy Aspire BDC Service
- Copy the extracted installation folder content (C:\DeployRepository\...) with updated configuration file, from Intermediate Repository server
- Log in to the server that you planned to install Aspire Service, and paste copied content to some directory (C:\DeployAspireService)
- Make sure the configuration file has been updated from the previous installation and filled piped parameters inside Aspire BDC Service inputs.
- Start PowerShell as administrator
- cd to scripts directory (cd “C:\DeployAspireService\scripts”)
Run
.\DeployAspireBDCService.ps1 -configurationFilePath ..\config\configurationParameters.xml
- Reboot the server to ensure security group memberships are updated
- Deploy Notification Service
- Copy the installation package (C:\DeployAspireService) with updated configuration file, from Aspire Service server
- Log in to any SharePoint server that you planned to install Notification Service, and paste copied content to some directory (C:\DeployEndpoint)
- Make sure the configuration file has been updated from the previous installation and filled piped parameters inside Notification Service inputs.
- Start PowerShell as administrator
- cd to scripts directory (cd “C:\DeployEndpoint\scripts”)
Run
.\DeployNotificationService.ps1 -configurationFilePath ..\config\configurationParameters.xml
- Reboot the server to ensure security group memberships are updated
- Deploy and Configure Aspire Component
- See SharePoint 2013 Publisher Configuration Tutorial
Security Trimmer Installation
- Fill up the configurationParameters.xml
- Start the SharePoint Management Shell as Administrator.
- cd to scripts directory (cd “C:\DeployEndpoint\scripts”).
Run
.\DeployAspireSecurityTrimmer.ps1 -configurationFilePath ..\config\configurationParameters.xml
- RESTART The SharePoint Search Host Controller service
Configuration Parameters Example
The configuration file is found here "..\Deploy\config\configurationParameters.xml".
The next is an example on how to fill up the configuration file using the QA\spadmin for all the services.
<?xml version="1.0"?>
<parameters>
<security>
<usersGroupName>AspireUsers</usersGroupName>
<ldapGroupQuery>CN=Users,DC=QA,DC=local</ldapGroupQuery>
</security>
<users>
<AspireBDCServiceAppPool>QA\spadmin</AspireBDCServiceAppPool>
<contentAccess>QA\spadmin</contentAccess>
<aspirePropertyRepositoryUser>QA\spadmin</aspirePropertyRepositoryUser>
<aspirePropertyEndpointUser>QA\spadmin</aspirePropertyEndpointUser>
</users>
<repository>
<inputs>
<folderPath>C:\Repository</folderPath>
<shareName>IntermediateRepository</shareName>
</inputs>
<outputs>
<repositorySharePath></repositorySharePath>
</outputs>
</repository>
<aspireService>
<inputs>
<folderPath>C:\inetpub\wwwroot\AspireService</folderPath>
<repositorySharePath piped="true"></repositorySharePath>
</inputs>
<outputs>
<aspireServiceUrl></aspireServiceUrl>
</outputs>
</aspireService>
<notificationEndpoint>
<outputs>
<notificationEndpointUrl></notificationEndpointUrl>
</outputs>
</notificationEndpoint>
<securityTrimmer>
<inputs>
<groupExpansionService>http://localhost:50505/groupExpansion</groupExpansionService>
<groupExpansionTimeout>15000</groupExpansionTimeout>
<useDomain>false</useDomain>
<claimIssuer>aspire</claimIssuer>
<searchApplicationName>Search Service Application</searchApplicationName>
<id>1</id>
<assemblyVersion>2.2.0.2</assemblyVersion>
</inputs>
</securityTrimmer>
</parameters>
Section Description
Security
<security>
<usersGroupName>AspireUsers</usersGroupName>
<ldapGroupQuery>CN=Users,DC=QA,DC=local</ldapGroupQuery>
</security>
The security section is an initial approach to have the users group name configurable. Right now it is hardwired to AspireUsers and cannot be changed due to code limitations.
Right now this configuration is used to determine if the AspireUsers group exists as an Active Directory group and if not, it will create it locally.
Field | Description |
---|
Users Group Name | User group to which the users must belong to. |
LDAP Group Query | The LDAP query (minus the group name) that will be used to check for the existence of the group. |
Users
<users>
<aspireServiceAppPool>QA\spadmin</aspireServiceAppPool>
<contentAccess>QA\spadmin</contentAccess>
<aspirePropertyRepositoryUser>QA\spadmin</aspirePropertyRepositoryUser>
<aspirePropertyEndpointUser>QA\spadmin</aspirePropertyEndpointUser>
</users>
The users section specifies the users for each component.
Field | Description |
---|
Aspire Service app pool user | User who runs the app pool of Aspire BDC Service |
Content access user | SharePoint default content access account |
Aspire property repository user | Intermediate Repository user, which is specified in Aspire PublishToSP2013 application properties. This can be any domain user |
Aspire property endpoint user | Endpoint user, which is specified in Aspire PublishToSP2013 application properties. This can be any domain user |
Repository
<repository>
<inputs>
<folderPath>C:\Repository</folderPath>
<shareName>IntermediateRepository</shareName>
</inputs>
<outputs>
<repositorySharePath></repositorySharePath>
</outputs>
</repository>
The Repository section defines the directory where the batches that Aspire generates will be stored until SharePoint crawls them and then get cleaned up.
Field | Description |
---|
Folder Path | Location used to map the Shared folder |
Share Name | Name of the Shared folder that will be exposed to the smb protocol |
Aspire BDC Service
<aspireService>
<inputs>
<folderPath>C:\inetpub\wwwroot\AspireBDCService</folderPath>
<repositorySharePath piped="true"></repositorySharePath>
</inputs>
<outputs>
<aspireServiceUrl></aspireServiceUrl>
</outputs>
</aspireService>
The Aspire BDC Service section defines the destination of the service's assemblies and the url to the intermediate repository.
Field | Description |
---|
Folder Path | Destination of the service's assemblies |
Repository Share Path | |
Notification Service
<notificationService>
<inputs>
<webAppUrl></webAppUrl>
</inputs>
<outputs>
<notificationServiceUrl></notificationServiceUrl>
</outputs>
</notificationService>
The Notification Service section defines the SharePoint web application where the Notification Service will be deployed.
Field | Description |
---|
Web App Url | Optional. Defines the SharePoint web application where the notification service will be deployed. If no web app is defined it will deploy in all web apps in the farm. It can be deployed in the central admin as long as a Web Front End service is enabled in that server. |
Security Trimmer
<securityTrimmer>
<inputs>
<groupExpansionService>http://localhost:50505/groupExpansion</groupExpansionService>
<groupExpansionTimeout>15000</groupExpansionTimeout>
<useDomain>false</useDomain>
<claimIssuer>aspire</claimIssuer>
<searchApplicationName>Search Service Application</searchApplicationName>
<id>1</id>
<assemblyVersion>2.2.0.2</assemblyVersion>
</inputs>
</securityTrimmer>
The Security Trimmer section defines the properties that the Trimmer component needs to access the group expansion service in order to verify the claims of a user requesting documents.
Field | Description |
---|
Group Expansion Service | Url of the Aspire Group Expansion service |
Group Expansion Timeout | Timeout to wait for Group Expansion response |
Use Domain | Use domain in security trimmer |
Claim Issuer | If you are using "Use Aspire" option in the SharePoint2013 Publisher, type "aspire" |
Search Application Name | Name of the Seach Application |
Id | The trimmer instance Id in SharePoint. Default is 1. |
Assembly Version | Version of the trimmer dll registered on the GAC |
Installation Verification
Repository
Check in your drive that the folder was created. The location can be found in the output parameter <repositorySharePath>.
Aspire BDC Service