Scripted Installation of SharePoint 2013 and Office Web Apps Server – From the Field (Part 4)

This is fourth post in the scripted installation of SharePoint 2013 and Office Web Apps Server blog series, covering the installation, deployment and configuration of an Office Web Apps Server Farm

For SharePoint farm topology, installation and provisioning of all required service applications please see blog one, two and three of this series.

  1. Farm Topology and Prerequisites
  2. SharePoint Installation, Configuration and Basic Service Applications Deployment
  3. User Profile, Search and Distributed Cache Service Applications Deployment
  4. Office Web Apps Server farm Implementation and Configuration

OWA Overview

Office Web Apps is the online companion to Office Word, Excel, PowerPoint, and OneNote applications. It enables users to view and edit documents through a browser by providing a representation of an Office document. A SharePoint 2013 farm can be configured to use the Office Web Apps Server farm and provide Office Web Apps functionality to users who create or open Office files from SharePoint libraries.

Office Web Apps (OWA) Server supports two primary installation scenarios: a single-server Office Web Apps Server farm, and a multi-server load-balanced Office Web Apps Server farm. For this blog series, continuing with the desire for high availability, OWA will be implemented in a two-server load-balanced mode, utilising the same hardware load balancing solution as the SharePoint web front end servers. The OWA traffic will be encrypted and the solution will be implemented over HTTPS. The OWA Server will not run any other server applications including Exchange Server, SharePoint Server, Lync Server, and SQL Server. Also no other services or roles that depend on the Web Server (IIS) role on port 80, 443, or 809 should be installed on the OWA servers, as OWA Server periodically removes web applications For this blog series, 

Prerequisites and Assumptions

  1. Ensure that ports 443 (HTTPS traffic), 80 (HTTP traffic) and 809 (private traffic between the servers that run Office Web Apps Server in the farm) are not blocked by firewalls on the two Office Web Apps Servers.
  2. All Office Web App servers have an additional drive to host Data and Log flies.
  3. Copy the OWAScripts.zip to the E:\Install\scripts directory.
  4. Download and mount the OWA installation media ISO to drive D:\ on both servers
  5. The two OWA servers have Windows Server 2012 installed and are called OWA1 and OWA2 respectively

Request an Internal SSL Certificate

The internal URL used to provision the certificate is officeweb.sharepoint.company.com  

Ensure that the certificate meets the following requirements:

  • The certificate must come from a trusted Certificate Authority (CA) and include the fully qualified domain name (FQDN) of the Office Web Apps Server farm in the SAN (Subject Alternative Name) field (if the FQDN is not in the SAN when you try to use the certificate, the browser will either show security warnings or won’t process the response).
  • The certificate must have an exportable private key.
  • The Friendly name field must be unique within the Trusted Root Certificate Authorities store (OfficeWeb).
  • The FQDN in the SAN field must not begin with an asterisk (*).
  • The certificate properties and extensions do not matter. Office Web Apps Server requires no particular certificate property or extension
  • The FQDN of the certificate resolves to the IP address assigned to the load balancer for the Office Web Apps Server farm. 

The SSL offloading is set to off by default as part of the setup. When SSL is offloaded, it allows each Office Web Apps Server in the farm to communicate by using HTTP with the load balancer. However, all references to resources in the HTML are HTTPS references. If this is not set and HTTP is used, users will not be able to see resources or they will see security warnings. When offloading is set to off, SSL terminates at the individual servers that run Office Web Apps Server instead of the hardware load balancer.

The SSL will be terminated at the load balancer instead, due to the following advantages:

  • Simplified certificates management
  • Improved soft affinity
  • Improved performance

Install Windows Roles and Features

Execute the following PowerShell script to install the required windows components on both servers followed by a server restart:

 Import-Module ServerManager
Add-WindowsFeature Web-Server,Web-Mgmt-Tools,Web-Mgmt-Console,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Static-Content,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Security,Web-Filtering,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext45,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,InkandHandwritingServices
 

Install Office Web Apps Server

Launch the installation from mounted ISO image on both servers and define the installation location as illustrated below:

 

Create the Office Web Apps Server Farm

Validate the following variables defined in the WAC_ConfigureOWAFarm.xml using the following table:

Variable

Value

Description

CacheLocation

E:\Program Files\Microsoft\OfficeWebApps\Working\d\

Specifies the location of the global disk cache that is used to store rendered image files. The default location is%programdata%\Microsoft\OfficeWebApps\Working\d\.

CacheSizeInGB

50

Specifies the maximum size of the global disk cache in gigabytes

CertificateName

<INSERT FRIENDLY NAME>

Specifies the friendly name of the certificate that Office Web Apps Server uses to create HTTPS bindings.

In the production environment it is not a requirement to specify the CertificateName parameter as the SSLOffloaded parameter is being used and the certificates are installed on the load balancer

EditingEnabled

True

Enables support for editing in the browser

InternalURL

https:// officeweb.<FQDN>

Specifies the URL root that SharePoint use to access the Office Web Apps Server farm

LogLocation

E:\Program Files\Microsoft\OfficeWebApps\Data\Logs\ULS\

Specifies the location on the local computer where activity logs are stored.

LogRetentionInDays

30

Specifies the number of days that log entries are stored. Log entries older than the configured date are trimmed.

MaxMemoryCacheSizeInMB

5000

Specifies, in megabytes, the maximum amount of memory that the rendering cache can use.

RenderingLocalCacheLocation

E:\Program Files \Microsoft\OfficeWebApps\Working\waccache

Specifies the location of the temporary cache for use by the Word and PowerPoint Viewing Services.

SSLOffloaded

True

Indicates to the servers in the Office Web Apps Server farm that SSL is offloaded to the load balancer. When SSLOffloaded is enabled, web applications are bound to port 80 (HTTP) on the local server. However, HTML that references other resources, such as CSS or images, uses HTTPS URLs for those references.

 

Login to the first OWA server (OWA1) and launch PowerShell as administrator. Execute the following command to create the OWA farm:

 Set-ExecutionPolicy Unrestricted –force 
E:\Install\scripts\WAC_ConfigureOWAFarm.ps1 -configLocation E:\Install\scripts\WAC_ConfigureOWAFarm.xml
 

Join Server to the Office Web Apps Farm

Login to  the second OWA server (OWA2) and launch PowerShell as administrator. Execute the following command to join the server to the farm: 

 Set-ExecutionPolicy Unrestricted –force 
Import-Module OfficeWebApps 
New-OfficeWebAppsMachine –MachineToJoin OWA1.<FQDN> -Confirm:$false
 

Create SharePoint Binding

Login to the SharePoint Application Server hosting the Central Administration site and launch SharePoint Management Shell as administrator. Execute the following command to start consuming WAC service: 

 WACServer = "officeweb.<FQDN>"
$WOPIZone = "internal-https" 
 
#Configure SP Farm to OWA Farm
New-SPWOPIBinding -ServerName $WACServer 
 
#Set the WOPI Zone
Set-SPWOPIZone –zone $WOPIZone
Get-SPWopiZone 
 
$config = (Get-SPSecurityTokenServiceConfig)
$config.AllowOAuthOverHttp = $true
$config.Update()

OWAScripts.zip