In Part1 of this blog series, we talked about a topology which had a load balancer and multiple application tiers, and also had the test network which has explicit firewall settings to control the test traffic flowing in and out of test network.
In this Part2, we will pick a topology that does not have load balancer but with multiple application tiers and data tiers and look at configuration aspects that are specific to enabling Visual Studio Lab Management. We will also touch upon supported SAN configurations in test network.
Before we start with these topics, I would like to list down the acronyms that we would be using in this article. These are mentioned already in Part1, but I am listing them again here.
- Corp network – Would refer to the corp. network where TFS is hosted. A Corp network would have one or more ATs, DTs, Load balancers, Proxy, VMM server. Clients are typically connected to this network while at work.
- Test network – Would refer to the network where the testing of the apps would happen. Test controller, Build controller, VMM server, VMM Library VMM hosts are present in this network. Please note that VMM server can either be in Corp network on in Test network depending on your choice.
- Corp Domain – the domain controller in corp. network
- Private Lab Domain – the domain controller in Private Test network.
- AT – Application Tier
- DT – Data Tier
- VMM – System Centre Virtual Machine Manager
- TC – Test controller
- BC – Build Controller
- BSH – Build Service Host
Topology #2 – Topology with multiple ATs and DTs without load balancers and Test network with SAN based library and host.
The topology that we would pick for discussion today is as follows:
This topology has following components in Corp network
- Two Application tiers, out of which one of them is exposed to outside of Corp network and the other is servicing requests completely within Corp network. Each application tier in this case will be configured to run with Network service account.
- A AT source control proxy
- Two data tier named instances one for config DB and the other for Collection DBs
And the following components in Test network
- VMM server, Library and Host; with VMM library and host having their drives mapped to SAN disk space.
- Test and Workflow controllers
Please note that the Test network in this case is just a different LAN segment, but the components in Test Network are all joined to Corp domain. I would like to again reiterate the fact that for Visual Studio Lab Management 2010 release, we require all of the below components to be in same trusted domain; TFS, Test and Workflow controllers, VMM server, library & Host.
Let’s look at the configurations of each of them, specifically the ones required to enable Visual Studio Lab Management. I am not going to cover the firewall setting aspects as they are same as what we covered in Part1.
1) Setting up Application tiers
- Installing & Configuring AT exposed to non Corp network (AT1)
a) Installation and Collection creation
Follow the Team Foundation 2010 Setup instructions to install the primary application tier.
While configuring the TFS ensure that the AT service account is selected to run as Network service account, as per our need for this example; point to appropriate named SQL DB instance when pointed for, in our example topology lets say it is DT1\CONFIGDB.
While creating new collections, provided the named SQL DB instance, in our topology say it is DT2\CollectionDB
b) Setting appropriate IIS bindings
Bind your TFS website with HTTP, port (8080, by default for TFS) and appropriate IP bindings. Given that this Application tier is also exposed to non Corp network add a HTTPS binding with appropriate SSL certificate. Example of such a bindings viewed from inetmgr in my server looks as below
You can take a look at http://blogs.msdn.com/ablock/archive/2009/08/24/exposing-tfs-2010-beta-2-to-the-internet.aspx which talks about ways to expose TFS to internet.
c) Setting appropriate Notification and Server URLs
Given that there are clients who would be accessing the server from outside of Corp network, set the Notification URL to be HTTPS URL. Click on “Change URLs” in TFS Admin console at Application Tier level and modify the notification URL.
Retain the Server URL as it is as localhost.
d) Setting appropriate Lab URL
Click on Application Tier –> Lab Management –> Re configure Lab Management –> Advanced tab and check the Lab URL. The Lab URL will be same as Notification URL, in our example we should see https://TFS.mycorp.com:8443 which was set in step above. Lab URL is used by build agent in Lab environment while connecting to the TFS. Hence edit the Lab URL to http://tfsfqdn.mycorp.com:8080/tfs.
If you wish to configure build agent to communicate to TFS via HTTPS, then you should install appropriate client SSL certificate before you prepare the golden templates. In that case, you could retain the HTTPS url as your Lab URL.
e) Collection level settings for Lab Management
Take a look at Visual Studio 2010 setup instructions for TFS and Lab Management and configure the Lab management host group, library share and Lab service account at collection level. The getting started video of Lab Management should help to get started with Lab Management configurations, http://blogs.msdn.com/lab_management/archive/2010/02/11/visual-studio-lab-management-videos.aspx.
Launch Admin console –> Click Team Project Collections under Application Tier –> Click on Collection –> Click on Lab Management Tab –> Click on Configure Library Shares and configure the Library shares.
Click on Hostgroups Tab and configure the Hostgroup for Lab Management.
Click on Service account Tab and configure Lab service account
- Installing & Configuring AT servicing requests only with Corp network (AT2)
a) Installing AT only
Follow the TFS 2010 setup instructions to install and configure “AT only” configuration. In our example we want all the application tiers to be running as Network service account. Launch TFS Admin Console and check if the AT service account is configured as Network Service. If not change it to Network Service by clicking on Application Tier –> Change Account.
b) Setting appropriate IIS bindings
Given that this AT will be servicing requests only within Corp Network set the TFS website bindings to HTTP, port 8080 and appropriate IP if required.
c) Secondary AT service account provisioning for Lab Management
Visual Studio Lab Management does account provisioning of TFS service account in VMM server and Host for it to function well. This is done as part of configuring VMM server at AT level and while configuring Hostgroup and Library share at collection level.
In our example, since each AT is running as Network service account, both the machine accounts will have to be provisioned. The primary AT account will already be provisioned when you complete the Lab configuration and Host group, Library share configuration as explained earlier.
In order to provision the secondary AT account in VMM server, from secondary AT launch TFS Admin console –> click Lab Management under Application Tier –> Click Re-configure Lab management –> In Virtual Machine Manager tab click on the “test” link. As part of test verification it will automatically provision the service account in VMM server.
In order to provision the secondary AT account in VMM hosts, open Lab Management settings as explained earlier while configuring new hostgroup for primary AT. Click on individual hostgroup and click verify.
- Installing & Configuring AT Source control proxy
Follow the Visual Studio 2010 TFS AT proxy installation steps for installing AT proxy. There is no Lab Management specific configuration required to be done in proxy.
2) Setting up Controllers
Take a look at the Visual Studio 2010 setup instructions for Test controller setup and TFS 2010 setup instructions for Build controller setup. The getting started video of Lab Management should help http://blogs.msdn.com/lab_management/archive/2010/02/11/visual-studio-lab-management-videos.aspx.
For this topology, while configuring the controller you have the option to either point to AT1 HTTP endpoint or AT2 HTTP endpoint. In case you choose to use AT HTTPS endpoint while configuring the controllers then you need to have appropriate client certificates installed in your controllers. However, for performance reasons it is not recommended to use HTTPS end point if your TFS and Controllers are within the Corp network.
3) Setting up VMM Server, VMM Library and VMM Host with SAN storage
Take a look at the TFS 2010 setup instructions for configuring Lab Management and SCVMM setup instructions. The getting started video of Lab Management should help http://blogs.msdn.com/lab_management/archive/2010/02/11/visual-studio-lab-management-videos.aspx.
With regard to SAN support, Visual Studio Lab Management 2010 does not support or leverage clustering. This would mean you cannot have test setup with VMM host clustering or create VMs that are cluster aware.
However, if you decide to have your VMM library and VMM Host disk space in a SAN drive for space and reliability needs, you will have to have separate LUNs mapped for VMM and the Host disk. Even if the LUNs are managed by same controller, given that Visual Studio Lab Management 2010 does not leverage any of SAN functionalities, the underlying BITS copy during a virtual machine deployment will happen all the way from Library to Host via your LAN network.
Clients in Corp network can connect either to either AT1 HTTP endpoint or AT2 HTTP endpoint.
Clients in Internet will need to have the client certificate to connect to the AT1 HTTPS endpoint that the application tier is bound to. If you are in un trusted domain but accessing the exposed TFS website, you will have to authenticate yourselves while connecting to the TFS.
The other details with regarding to lab operations that could be performed from client outside Corp network remains same as we discussed in Part1.
5) Golden Templates
The Golden template preparation steps are same as what was discussed in Part1.