Dynamics 365 For Finance Operations Local Business Data
Dynamics 365 For Finance & Operations: Local Business Data
Speaker Nathan Clouse Technical Solution Architect MCA Connect, LLC AXUG Summit Track Leader 2018/19 Nathan.clouse@mcaconnect.com Blog www.atomicax.com @NathanClouseAX
Getting Started - Topics • Requirements • Planning • Pre-execution • Execution • Deployment
But First – Known Issues! • https://docs.microsoft.com/en-us/dynamics365/unified-operations/dev-itpro/deployment/setup-deploy-on-premises-pu12#knownissues
Requirements
Infrastructure • Can’t Be In Cloud (Azure, AWS, Private external) • Must be in same physical data center • deployment packages are downloaded from LCS • More control with recent LBD Agents
Infrastructure • Lots of Hardware • A single 5 node cluster, depending on duty, can take 48 gigs of RAM and 16 vCPUs at a minimum • RAM: AOS, 16; Orch, 8; SSRS, 8; MR, 8; (48) • vCPU: AOS, 8; Orch, 2; SSRS, 2; MR, 2; (16)
Infrastructure • Lots of VMs • Each cluster is at a minimum 5 VMs (nodes) and you will have multiple clusters. MS suggests 7 (min) nodes per cluster but recommends 8 • Non-production: 3 clusters * 7 nodes = 21 VMs + 3 (SQL, FS, ADFS [minimum]) = 24 VMs • Production: 1 cluster * 8 nodes = 8 + 3 (SQL, FS, ADFS [minimum]) = 11 VMs • Total: 35 VMs
Prerequisites
Components • SNAC – ODBC driver 17 • SQL Server Management Studio • Microsoft Visual C++ Redistributable Packages for Microsoft Visual Studio 2013 • Microsoft Access Database Engine 2010 Redistributable
Components • All Others Packaged with Windows 2016 • Domain Controller must be 2012 R2 or later • AAD*
VMs - Cluster • Windows 2016 Template (For All Cluster Nodes) • With SQL Server Management Studio (SSMS) already installed • Already on Domain
VMs - Cluster • Install Azure PowerShell Extensions • Download Local Agent from LCS • Disable UAC Manually • Restart
VMs – Non-Cluster • SQL Server 2016 SP1 • Fileserver on Windows 2016 (SMB 3.0+) • ADFS (could be shared; not recommended)
Planning
Shameless Self Promotion! • https://github.com/NathanClouseAX/LBDDeploymentHelper • https://github.com/NathanClouseAX
DNS • Environment Names: TEST AX – ax.TEST.d365ffo.onprem.contoso.com, ax.TEST.contoso.com • Service Fabric (SF): TEST SF - DNS Name=sf.TEST.d365ffo.onprem.contoso.com, sf.TEST.contoso.com • Environment DNS: On-prem agent - DNS Name=*.d365ffo.onprem.contoso.com
DNS • Zones: You will more than likely need a new DNS zone like d365ffo.onprem.contoso.com. • A Records: Plus some A records for your AOS(s) and Orchestrator(s) like ax.d365ffo.onprem.contoso.com and sf.d365ffo.onprem.contoso.com.
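The zone and A records described on the DNS slides can be created idempotently from a Windows DNS server. This is an added example, not code from the deck or from Microsoft's scripts; it assumes the DnsServer module is available, and every IP address is a constructed placeholder.

```powershell
# Added example: create the LBD DNS zone and A records only where they are missing.
# Zone name is the one used on the slide; IP addresses are constructed placeholders.
$zone = 'd365ffo.onprem.contoso.com'

# One host name can map to several nodes (one A record per AOS or ORCH node).
$records = [ordered]@{
    'ax' = @('10.0.10.11', '10.0.10.12')
    'sf' = @('10.0.10.21', '10.0.10.22', '10.0.10.23')
}

# Create the zone only if it does not exist yet.
if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $zone -ReplicationScope Domain
}

foreach ($name in $records.Keys) {
    # Collect the addresses already registered for this host name.
    $existing = @(Get-DnsServerResourceRecord -ZoneName $zone -Name $name -RRType A -ErrorAction SilentlyContinue |
        ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString })

    foreach ($ip in $records[$name]) {
        if ($existing -notcontains $ip) {
            Add-DnsServerResourceRecordA -ZoneName $zone -Name $name -IPv4Address $ip
        }
    }
}

# Confirm what clients will actually resolve.
foreach ($name in $records.Keys) {
    Resolve-DnsName -Name "$name.$zone" -Type A | Select-Object Name, IPAddress
}
```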
Certificates • Self-Signed: Not trusted; have to push out exceptions using group policy • AD CS (Active Directory Certificate Services): Valid inside your domain only; additional setup • Issued: Trusted outside of organization, some gotchas
Certificates Considerations • Will anyone outside of org be using? • If yes, can outsiders be given access for RDP to an IE instance? • Lifetime of certificates • Servicing
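Certificate lifetime becomes a servicing task once the environment is live, so it helps to check each node's store against the thumbprints you planned for. This is an added example, not part of the deck or of Microsoft's infrastructure scripts; the function name `Test-LbdCertificate` is hypothetical and the thumbprints are constructed placeholders.

```powershell
# Added example: report on the certificates a node is expected to hold.
function Test-LbdCertificate {
    [CmdletBinding()]
    param(
        # Purpose -> thumbprint, taken from your own planning sheet.
        [Parameter(Mandatory)][hashtable]$Expected,
        [int]$WarnDays = 60,
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    $now   = Get-Date
    $store = @(Get-ChildItem -Path $StorePath)
    foreach ($purpose in $Expected.Keys) {
        # Thumbprints pasted from the certificate dialog often carry spaces or an
        # invisible leading character, so keep hex digits only before comparing.
        $thumb = ($Expected[$purpose] -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
        $cert  = $store | Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1

        $status = 'Missing'; $daysLeft = $null; $notAfter = $null; $selfSigned = $null
        if ($cert) {
            $notAfter   = $cert.NotAfter
            $selfSigned = $cert.Subject -eq $cert.Issuer
            $daysLeft   = [math]::Floor(($cert.NotAfter - $now).TotalDays)
            # Later checks override earlier ones, so the worst finding wins.
            $status = 'OK'
            if ($daysLeft -lt $WarnDays)  { $status = 'ExpiringSoon' }
            if (-not $cert.HasPrivateKey) { $status = 'NoPrivateKey' }
            if ($daysLeft -lt 0)          { $status = 'Expired' }
        }
        [pscustomobject]@{
            Purpose    = $purpose
            Thumbprint = $thumb
            Status     = $status
            DaysLeft   = $daysLeft
            NotAfter   = $notAfter
            SelfSigned = $selfSigned
        }
    }
}

# Constructed placeholder thumbprints; replace with your own values.
$expected = @{
    'OnPremLocalAgent' = '00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01'
    'DataEncipherment' = '0000000000000000000000000000000000000002'
}
Test-LbdCertificate -Expected $expected | Sort-Object Status | Format-Table -AutoSize
```

Run it on each cluster node after the PFX files have been imported, and again on a schedule so that `ExpiringSoon` shows up before a renewal turns into an outage.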
User and Service Accounts • Types • gMSA – group managed service account • Domain – normal domain account; going away in later versions • SQL - normal SQL account; going away in later versions • Naming: • MS Suggestion: Contoso\svc-FRAS$ • Actual: Contoso\svc-TESTFRAS$, Contoso\svc-UATFRAS$
User and Service Accounts - Suggestions • Run all commands with the same account, one that is a local admin AND domain admin and is not a person (contoso\DynamicsServicing) • ProtectTo several secured accounts (contoso\administrator, contoso\DynamicsServicing, service account for specific cluster) • Pick one of your ORCH servers to be “home base” for steps that are not required to run in a specific place
Environment Workspace • 1 Share for that environment for everything in that environment • TEST: \\FileServer01\TEST • TRAIN: \\FileServer01\TRAIN • Stage Everything to that Workspace for that environment • Don’t intermix
LCS • Download Deployment Scripts from LCS (In Model Area) • Plus Demo Data Package (update 12)*
Describe Your Configuration • infrastructure\ConfigTemplate.xml • infrastructure\D365FO-OP\NodeTopologyDefinition.xml • infrastructure\D365FO-OP\DatabaseTopologyDefinition.xml
ConfigTemplate.xml • Fill out the ConfigTemplate.xml from our plan above • Link: https://goo.gl/F2NG2x (https://perma.cc/MZ9J-FAHG) • Domain Name • BackupFile • ADServiceAccounts • LogFileSize • DNSHostNames • Node Types • Thumbprints • Node IPs • ProtectedTo • Node Purpose • DbName • Node Domains
NodeTopologyDefinition.xml • Link: https://goo.gl/TZVDkr (https://perma.cc/T67J-MD54) • Nothing to do here 99.9% of the time
DatabaseTopologyDefinition.xml • Link: https://goo.gl/TZVDkr (https://perma.cc/T67J-MD54) • Username • DbNames – Transactional, Orchestrator, Financial Reporting • Any other DB-related changes from ConfigTemplate.xml
Execution – 1 and Done
Configure SQL Server • SQL Must be run as a domain user – create a domain user for the service to run under • Install or generate cert • Typical SQL install profile with full text indexing (No SSIS or SSRS required) • https://docs.microsoft.com/en-us/dynamics365/unified-operations/dev-itpro/deployment/setup-deploy-on-premises-pu12#setupsql
Configure File Share Storage, Part 1 • Install using PowerShell: • Install-WindowsFeature -Name FS-FileServer -IncludeAllSubFeature -IncludeManagementTools • Create shares for each named environment • Will apply environment specific security later
Configure AD FS • Easy Mode! Use PowerShell Script. • Link: https://goo.gl/ZAkdZ4 (https://perma.cc/C844-YDEE)
Execution - Cluster
Certificates (again) • Generate certs • Depending on type selected, make sure it is reflected in the ConfigTemplate.xml • Copy PFX files into VM directories after next step
    # Create self-signed certs
    .\New-SelfSignedCertificates.ps1 -ConfigurationFilePath .\ConfigTemplate.xml
    # Exports Pfx files into a directory VMs\<VMName>, all the certs will be written to infrastructure\Certs folder.
    .\Export-PfxFiles.ps1 -ConfigurationFilePath .\ConfigTemplate.xml
Configure VMs • Script will generate specific VM scripts; copy to shared workspace; copy back down to each node • Use Planning Spreadsheet to copy certs • Navigate to the VM directory
    # Install pre-req software on the VMs.
    .\Configure-PreReqs.ps1 -MSIFilePath <path of the MSIs>
    # Run if they exist
    .\Add-GMSAOnVM.ps1
    .\Import-PfxFiles.ps1
    .\Set-CertificateAcls.ps1
    .\Test-D365FOConfiguration.ps1
Create The Cluster • From an ORCH node
    .\New-SFClusterConfig.ps1 -ConfigurationFilePath .\ConfigTemplate.xml -TemplateConfig <ServiceFabricStandaloneInstallerPath>\ClusterConfig.X509.MultiMachine.json
    .\TestConfiguration.ps1 -ClusterConfigFilePath .\clusterConfig.json
    # If test was successful
    # STOP – review ClusterConfig.json file. Some performance tuning opportunities.
    .\CreateServiceFabricCluster.ps1 -ClusterConfigFilePath .\ClusterConfig.json
Connect To LCS • Refer to known issues
    # Run once and only once
    .\Add-CertToServicePrincipal.ps1 -CertificateThumbprint <OnPremLocalAgent Certificate Thumbprint>
Configure File Share Storage, Part 2 • Create shares • Agent • Aos-storage • DiagnosticsStore (for cluster) • Add specific security for each share
Encrypt (all other) Credentials • Encrypt the credentials for the AOS service account from a cluster node member • Credentials.json
    Invoke-ServiceFabricEncryptText -Text '<textToEncrypt>' -CertThumbprint '<DataEncipherment Thumbprint>' -CertStore -StoreLocation LocalMachine -StoreName My | Set-Clipboard
Install SSIS • Install SSIS on AOS node(s) • Licensing a consideration
Install and Configure SSRS • Install and configure SSRS on SSRS node • Scale-out not currently supported • Licensing a consideration
• From ORCH Node, run scripts to configure databases from Infrastructure Scripts:
    .\Initialize-Database.ps1 -ConfigurationFilePath .\ConfigTemplate.xml -ComponentName Orchestrator
    .\Initialize-Database.ps1 -ConfigurationFilePath .\ConfigTemplate.xml -ComponentName AOS
    .\Configure-Database.ps1 -ConfigurationFilePath .\ConfigTemplate.xml -ComponentName AOS
    .\Initialize-Database.ps1 -ConfigurationFilePath .\ConfigTemplate.xml -ComponentName MR
Configure ADFS – First install
    .\Publish-ADFSApplicationGroup.ps1 -HostUrl 'https://ax.d365ffo.onprem.contoso.com'
Configure ADFS – not first install
Configure Connector and Local Agent • Add Connector in LCS • Download installer • Send Message in LCS - wait
    # Script to get all the values LCS needs
    .\Get-AgentConfiguration.ps1 -ConfigurationFilePath .\ConfigTemplate.xml
    # Command line to install LocalAgent
    LocalAgentCLI.exe Install <path of config.json>
Deploy Dynamics 365 F&O LBD • From ADFS Box, run this as user with domain admin using the ConfigTemplate.xml file for the instance you are working with.
    # Script to get most values required by LCS
    .\Get-DeploymentSettings.ps1 -ConfigurationFilePath .\ConfigTemplate.xml
Deploy Dynamics 365 F&O LBD
If All Goes Well….
Questions?
Please Let Us Know Your Feedback • We want to hear what you think even if you think I’m terrible but want to be polite about it. • Image Credits: https://pixabay.com/, https://www.microsoft.com/en-us/, https://twitter.com/
Thank you! https://www.linkedin.com/in/nathanclouseax/ https://twitter.com/NathanClouseAX http://www.atomicax.com/ https://github.com/NathanClouseAX/ Nathan.Clouse@MCAConnect.com Nathan Clouse Technical Solution Architect MCA Connect, LLC AXUG Summit Track Leader Nathan.clouse@mcaconnect.com www.atomicax.com @NathanClouseAX