Upload
dangnguyet
View
218
Download
1
Embed Size (px)
Citation preview
1
How to prepare for your RAP as a Service for Team Foundation Server
The Tools machine is used to connect to each of the servers in your Team Foundation Server environ-ment such as Team Foundation Server, SQL Server, SharePoint. and retrieve configuration and health information from them. The Tools machine retrieves information from the environment communicating over Remote Procedure Call (RPC), Server Message Block (SMB), and Distributed Component Object Model (DCOM). Once data is collected, the Tools machine is used to upload the data to the Microsoft Premier Services portal for automated analysis, followed up by manual analysis by one of our expert engineers. This upload requires internet HTTPS con-nectivity to specific sites. Alternatively, you can also export the collected data from the Tools machine and use a different machine to submit it. You need to ensure the machine used to upload the data also has the RAP as a Service client tool installed and has internet connection.
At a high level, your steps to success are:
1. Install prerequisites on your Tools machine and configure your environment
2. Collect data from your environment
3. Submit the data to Microsoft Premier Services for assessment
A checklist of prerequisite actions follows. Each item links to any additional software required for the Tools machine, and detailed steps included later in this document.
Checklist
Please ensure the following items have been completed before accessing the RAP as a Service Portal for the first time and starting your engagement.
1. General Use
A Microsoft Account is required to activate and sign in to the RAP as a Service portal. If you don’t have one already, you can create one at http://login.live.com
• To learn more about Microsoft Accounts, see: http://windows.microsoft.com/en-US/windows-live/sign-in-what-is-microsoft-account
Last modified: Oct 12, 2017
RAP as a Service for Team Foundation Server
Internet connectivity is
needed to:
Access the RAP as a
Service portal.
Activate your
account.
Download the
toolset.
Submit data.
Data submission to
Microsoft online servers
and displaying your
results on the online
portal uses encryption
to help protect your
data. Your data is
analyzed using our
RAP expert system.
Prerequisites
Download the latest prerequisites from:
http://www.microsoft.com/en-us/download/details.aspx?id=34698
2
Ensure access to https://services.premier.microsoft.com
Ensure the Internet browser on the data collection machine has JavaScript enabled. Follow the steps listed at How to enable scripting in your browser. Internet Explorer 9, Internet Explorer 10 and Internet Explorer 11 are the supported and recommended browsers for this offering. Most other modern HTML5 based browsers will also work.
The site https://ppas.uservoice.com provides access to the Support Forum and Knowledge Base Articles for RAP as a
Service
2. Activation
Ensure access to http://corp.sts.microsoft.com
Ensure access to http://live.com
3. Data Collection
a. Tools machine hardware and Operating System:
Server-class or high-end workstation machine running Windows Server 2016/Windows Server 2012 R2/Windows Server 2012/Windows Server 2008 R2/Windows Server 2008 or Windows 10/Windows 8/Windows7
Note: Windows Server 2003 is not supported as Tools machines.
Minimum: 4GB RAM, 2Ghz dual-core processor, 5 GB of free disk space plus up to 500MB per analyzed server and 1-5GB per web server in the assessed environment during data collection.
Joined to the same domain as the environment servers or a trusted domain.
b. Software for Tools machine:
Microsoft .NET Framework 4.0 installed
Windows PowerShell 3.0 or later installed
Log Parser 2.2 installed
Team Explorer 2012 or standalone TFS 2012 OM Installer
c. Account Rights:
Administrator access to all servers to be assessed in Team Foundation Server environment
Administrator role in all products that make up Team Foundation Environment to be assessed such as Team
Foundation Server, SharePoint, SQL Server, SQL Reporting Services, etc.
d. Additional Requirements for Windows Server 2008 (and later) servers:
Configure all server firewalls for “Remote Event Log Management”
The Appendix Data Collection Methods details the methods used to collect data.
4. Submission
Internet connectivity is required to submit the collected data to Microsoft.
Ensure access to *.accesscontrol.windows.net this URL is used to authenticate the data submission before accepting it.
The rest of this document contains detailed information on the steps discussed above.
Once you have completed these prerequisites, you are ready to use the RAP as a Service Portal to begin your assessment.
3
1. Hardware and Software
Server-class or high-end workstation computer equipped with the following:
Minimum single 2Ghz processor — Recommended dual-core/multi-core 2Ghz or higher processors.
Minimum 4 GB RAM—Recommended 8 GB RAM.
Minimum 5 GB of free disk space plus up to 500MB per analyzed server and 1-5GB per web server in the assessed environment during data collection.
Windows Server 2016/Windows Server 2012 R2/Windows Server 2012/Windows Server 2008 R2/Windows Server 2008 or Windows 10/Windows 8/Windows 7. Windows Server 2003 is not supported as a data collection machine.
Note: To successfully gather Performance data, ensure the data collection machine’s Operating System (OS) matches, or is a higher version of the highest versioned OS target machine used within the environment. Typically, this means that Windows 10 or Windows Server 2016 is acceptable to use.
Can be 32-bit or 64-bit operating system.
At least a 1024x768 screen resolution (higher preferred).
A member of the same domain as the servers being reviewed or a member of a trusted domain.
Microsoft® .NET Framework 4.0 — http://www.microsoft.com/en-us/download/details.aspx?id=17851
Windows PowerShell 3.0 or higher
Windows PowerShell 3.0 is part of the Windows Management Framework — https://www.microsoft.com/download/details.aspx?id=34595
The execution policy for PowerShell should be set to remotesigned on the tools machine
The execution policy settings can be verified using “get-executionpolicy –list” in a PowerShell command window
Log Parser 2.2 installed
IIS 7.0 - optional
Team Explorer 2012 or standalone TFS 2012 OM Installer
Networked “Documents” or redirected “Documents” folders are not supported. Local “Documents” folder on the data collection machine is required.
2. Accounts Rights
A domain account with the following:
Local administrator permission on all servers to be assessed.
Machine Requirements and Account Rights
4
Sysadmin on all SQL Instances that host Team Foundation Server databases.
System administrator of Analysis Services instances where Team Foundation
Server warehouse is located.
SharePoint Farm administrator and Site Collection administrator for the
SharePoint Farm where Team Project portals are running.
System administration and Home folder Content Manager of Reporting
Services instance where Team Foundation Server reports are located.
Team Foundation Server Administrator.
Ability to run PowerShell scripts on the machine running the RAP as a Service Client. The Windows PowerShell execution policy must be set to RemoteSigned or a policy that provides an equivalent ability to run local scripts — http://technet.microsoft.com/library/hh847748.aspx
NOTE: Usually the account used to install the Team Foundation Server environ-ment (often called TFSSetup) has these permissions. However, sometimes these permissions may have been revoked after the installation. Verification of permis-sions is still needed even if the account used during Team Foundation Installation is used.
WARNING: Failure to provide the required permissions can prevent collection of data needed for proper analysis.
WARNING: Do not use the “Run As” feature to start the client toolset as the dis-covery process and collectors might fail. The account starting the client toolset must logon to the local machine.
A Microsoft Account for each user account to logon to the Premier Proactive Assessment Services portal (https://services.premier.microsoft.com). This is the RAP as a Service portal where you will activate your access token, download the toolset and fill out the operational survey. This is also the URL that hosts the web service that coordinates the data submission
If you don’t have one, you can create one at http://login.live.com.
Contact your TAM if the token in your Welcome Email has expired or can no longer be activated. Tokens expire after ten days. Your TAM can provide new activation tokens for additional people.
3. Network and Remote Access
Ensure that the browser on the Tools machine or the machine from where you activate, download and submit data has JavaScript enabled. Follow the steps listed at How to enable scripting in your browser.
Internet Explorer is the recommended browser for a better experience with the portal. Ensure Internet Explorer Enhanced Security Configuration (ESC) is not blocking JavaScript on sites. A workaround would be to temporary disable Internet Explorer ESC when accessing the https://services.premier.microsoft.com portal.
Unrestricted network access from the Tools machine to all servers.
• This means access through any firewalls and router ACLs that might be lim-iting traffic to any of the servers. This
Internet connectivity is
needed in order to complete
this RAP as a Service offering
You will require access to the following
sites and URLs:
For general use:
https://services.premier.microsoft.com
For token activation and authentication: http://corp.sts.microsoft.com.
http://live.com
For data collection:
http://go.microsoft.com
For data submission
https://services.premier.microsoft.com
https://*.windows.net
https://ajax.aspnetcdn.com
Note: Some of these URLs cannot be
opened using a web browser.
Review the article below for complete
information regarding these URLs:
https://ppas.uservoice.com/
knowledgebase/articles/120616-what-
do-i-need-to-open-in-my-firewall-proxy
-to-use
5
includes remote access to DCOM, Remote Registry service, Windows Management Instrumentation (WMI) services, and default administrative shares (C$, D$, IPC$).
• Remote WMI access must be enabled on the analyzed servers. Note that this is by default on server OS but not on client OS which is often the case for build servers. See http://msdn.microsoft.com/en-us/library/windows/desktop/aa393266(v=vs.85).aspx and http://msdn.microsoft.com/en-us/library/aa822854(VS.85).aspx for more information.
• Firewall should not block WMI on the servers or anywhere in between – for example on the servers in Windows Firewall Advanced Configuration enable this Inbound rule for domain:
Windows Management Instrumentation (WMI-In)
• Administrative shares (i.e. C$) need to be enabled on the analyzed servers for remote collection of files (configs, logs) from these servers. If this is not possible, then as a workaround the locations can be temporarily shared only to the account that is used to run the collection.
• Ensure that the machine you use to collect data has complete TCP/UDP access, including RPC access to all servers.
The tools computer should be able to resolve the TFS servers through DNS using the configured server names - should be in
the same domain or able to resolve other domain servers. As a workaround hosts file can be modified.
IIS Management Scripts and Tools feature must be installed on TFS Application Tier, TFS Proxy and SharePoint servers – this
is necessary for collection and analysis of IIS logs.
The following services must be started on the target servers:
WMI
Remote Registry service
Server service
Workstation service
File and Printer Sharing service
Automatic Updates service
Performance Logs and Alerts service
Configure the server firewall to ensure all servers running Windows Server 2008/R2 and higher have “Remote Event Log
Management” enabled: RAP as a Service Client might be unable to collect event log information from a Windows Server
2008/R2 or higher SQL Servers hosts if “Remote Event Log Management” has not been allowed. When “Remote Manage-
ment” is enabled, the rules that allow Remote Event Log Management are also enabled.
To test if the tool will be able to collect event log data from a Windows Server 2008 R2 SQL Server host you can try to
connect to the Windows Server 2008/R2 server using eventvwr.msc. If you are able to connect, collecting event log data is
possible. If the remote connection is unsuccessful you may need to enable the Windows built-in firewall to allow “Remote
Event Log Management”.
6
Configure the server firewall to ensure all servers have “Performance Logs and Alerts” enabled: RAP as a Service Client
might be unable to start performance counters collection if this rule is disabled.
Connectivity Testing
Event Log: To test if the tool will be able to collect event log data from a Windows Server 2008 R2 server, you can try
to connect to the Windows Server 2008/R2 server using eventvwr.msc. If you are able to connect, collecting event log
data is possible. If the remote connection is unsuccessful you may need to enable the Windows built-in firewall to
allow “Remote Event Log Management”.
Registry: Use regedit.exe to test remote registry connectivity to the target servers (File > Connect Network Registry).
File: Connect to the C$ and Admin$ shares on the target servers to verify file access.
7
Appendix A: RAP as a Service Client Targets Parameters
When running client toolset, you will be asked for some parameters to identify targets in your environment:
Only URL is a mandatory parameter but in some configurations you may need to provide a few more. When hovering over each
input box you will get a description tooltip but more detailed description is provided in the following table:
In most cases it is recommended to start with URL parameter and if needed build servers only and then review the details of the
discovery results. If some of the mentioned servers are missing you can provide some of the optional parameters and rerun the
discovery. Make a note of the parameters that worked for your discovery for the next assessment runs.
URL URL of your TFS Instance for example http://tfsserver:8080/tfs. This is used to connect to your TFS
and get information about the components that compose your environment - Application and
Data Tier servers, SQL Instances and databases, Team Project Collections etc.
TFS Proxy servers TFS catalog usually does not contain information about TFS proxy servers. If you want to analyze
some of your TFS proxy servers specify their names separated by semicolon.
TFS Reporting Services
Servers
The only information TFS catalog contains regarding Reporting Services configuration is the URL.
The discovery will try to find out the server by parsing this URL but if it does not work you may
provide the server name(s) explicitly through this parameter.
TFS SharePoint Servers The only information TFS catalog contains regarding SharePoint configuration is the URL. The dis-
covery will try to find out the server by parsing this url but if it does not work you may provide the
server name(s) explicitly through this parameter.
Build, Test and other
Servers
If you want to have some of your build, test or other servers assessed as well you can provide
their names separated by semicolon here. You can use wildcard * for getting all of them automati-
cally but remember the overall number of analyzed servers should not exceed the service limit see
datasheet.
Advanced Options A list of additional semicolon separated options that can impact the way how the data are collect-
ed. See the table on the next page for the list of available options.
8
In the following table you can find the list of Advanced Options that you can use to impact the data collection process:
Examples:
• Force collection of large IIS logs, analyze only 10 largest TPCs and include TFS BPA report:
IISLOSALL;TOPTPC:5;TFSBPA:\\ATServer\C$\Users\xuser\AppData\Roaming\Microsoft\TfsBpa\TfsBpa.20150101140021
9645.data.xml
• Analyze only specific TPCs, run performance collection for 1 hour and scope only to TFS entities:
TPC:DefaultCollection,Experimental,Engineering;PERF:60;SCOPETFS
IISLOGSALL IIS Logs are not collected if their size is more than 10 GB per server for the last 7 days and any
analysis based on these logs are skipped. This limit can be removed by specifying this option. Note
that transferring large files may impact the servers performance and network bandwidth.
IISLOGSSKIP Specify this option if for any reason you want to avoid collecting IIS Logs but be aware that IIS Logs
analysis will not be performed.
TOPTPC:n By default only data for the top 50 (by size and activity) Team Project Collections and their data-
bases are collected and analyzed. Moreover very small collections are skipped as well. If you want
to change the limit you can provide any number in place of n. Note that analyzing large number of
collections can collect large data.
TPC:<tpc1>,<tpc2> Similar to TOPTPC but instead of number of Team project Collections you provide list of names
that should be analyzed. The names need to be separated by comma without spaces.
PERF:n By default we run performance monitoring for 4 hours. You should not change that for the first
data collection that will be analyzed by Microsoft engineer but in future submissions you can
specify shorter interval if you do not want to wait so long. These are allowed values for n:
• 0 - performance collection will be skipped completely.
• 10 - 10 minutes. Short performance collection just for sample analysis and reporting.
• 60 - 1 hour performance collection
TFSBPA:<path> If you use TFS Best Practices Analyzer from TFS Power Tools you can have your BPA report im-
ported as well. This way BPA errors and warnings can be reviewed on the portal and will be in-
cluded in the report.
The path must point to a valid and recent TFS BPA report accessible from the tools machine by
the account running the tool. It can be a local or UNC path. Typically the report path is:
C:\Users\<user>\AppData\Roaming\Microsoft\TfsBpa\TfsBpa.<timestamp>.data.xml
BPA gives you option to export it to another location, it can be copied to the tools machine etc.
SCOPETFS The tool’s discovery process can include non-TFS web sites, SQL Instances or even servers that can
create some noise in the assessment. This option excludes these entities and focuses on analyzing
only the real TFS entities. It is not recommended for some highly distributed environments spe-
cifically SQL Server on Cluster or SQL Server AlwaysOn.
BRANCHESHISTO-
RYSKIP
If you have a large Version Control branch structure you can use this option to reduce the
data collection time by skipping branch history and pending changes for Unused branches
analysis
9
Appendix B: Data Collection Methods
RAP as a Service for Team Foundation Server uses multiple data collection methods to collect information. This section
describes the methods used to collect data from a Team Foundation Server environment. Data collection uses workflows and
collectors. The collectors are:
1. Registry Collectors
2. File Collectors
3. Event Log Collectors
4. Performance Collectors
5. SQL Collectors
6. Windows Management Instrumentation (WMI) Collectors
7. TFS Client Object Model Collectors
1. Registry Collectors
Registry keys and values are read from servers in scope of the RAP as a Service for Team Foundation Server. They include
items such as :
• TFS installation data from HKEY_LOCAL_MACHINE\Software\Microsoft\TeamFoundationServer\10.0
\InstalledComponents\Tools and HKEY_LOCAL_MACHINE\Software\Microsoft\TeamFoundationServer\11.0
\InstalledComponents\Tools
• Windows Performance counters from
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\PerfLib
• Debugger settings from HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
• Operating System information from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
This allows to determine Operation System information such as Windows Server 2003, 2008 or 2012.
2. File Collectors
• IIS logs. Note that IIS logs can be quite large thus impacting the duration of data collection and network perfor-
mance in addition to requiring sufficient free disk space on the Tools machine
• IIS application host config file (ApplicationHost.config)
• HTTP sys error log files (systemroot\System32\LogFiles\HTTPERR)
• TFS release manifest file (ReleaseManifest.xml) under TFS installation directory
• Various TFS config files such as TFSJobAgent.exe.config, web.config file for TFS web access, web.config file for TFS
web services, and proxy.config file for TFS version control proxy.
• TFS logs
3. Event Log Collectors
Collects event logs from servers in scope of Team Foundation Server. We collect the last 7 days of Warnings and Errors from
the Application and System event logs.
10
4. Performance Collectors
Collects Key Performance Indicators from your Team Foundation environment. They include items such as:
• % Processor Time
• Avg. Disk sec / Read
• TFS Work Item Tracking
• TFS Version Control
• TFS Services
• TFS File Container Service
5. SQL Collectors
Database information from the SQL Servers in TFS environment. They collect data such as:
• Statistics about commands or requests processed and logged by TFS
• Various statistics and data about work item tracking, version control, team build, and test management
• TFS registry settings
• Table sizes, SQL lock and process information, file I/O, database backup information
• SharePoint and SQL Analysis Services version information
6. Windows Management Instrumentation (WMI)
WMI is used to collect various information such as:
• Disk configuration: WMI_Win32_Volume, WMI_Win32_LogicalDisk, WMI_Win32_LogicalDiskToPartition
• IIS application pool settings: IISApplicationPoolSettings
• OS hotfix and TFS patching information: Win32_QuickFixEngineering, Win32_Product, Win32_PatchPackage
7. TFS REST API and Client Object Model Collectors
Custom collectors use the Team Foundation Server REST API and client object model SDK to gather various data from the TFS
environment. Some of the data collected include:
• Build and Release Management data such as definitions, build and release status, start, finish and duration times
• TFS job data such as jobs, their status, history
• TFS security groups
• TFS event subscriptions
• Branch information from version control
• TFS Lab Management data