Designing, deploying, and managing Workflow Manager farmsSpencer HarbarArchitect

SPC356

Wictor WilénArchitect

IntroductionsWictor WilénDirector, SharePoint Architect , AuthorConnecta AB, Sweden

Spencer HarbarSharePoint ArchitectEdinburgh, United Kingdom

Honorable shout out and thanks to:Wayne EwingtonPrincipal Consultant, Microsoft New Zealand

Agenda

Introduction to Workflow ManagerWorkflow Manager high level architectureTopology optionsInstallation and configurationBusiness continuity management

What is Workflow Manager?Formerly Azure Workflow Server/Services (AWS)Same “code base” as Windows Azure Service Bus

Windows Workflow Foundation.NET 4.5

Scalable and reliable workflow engineREST basedMulti-tenant capablelogical construct of “scopes” provides partitioning

Comparing 2010 and 2013 WorkflowsSharePoint 2010Legacy approachPrimarily for backwards compatibility (e.g. upgrade)Tightly coupled to SharePoint ServersIn ProcessDeclarative or custom codeAvailable both in SharePoint Foundation and SharePoint Server

SharePoint 2013FutureDecoupled from SharePoint, and supporting other consuming platformsDeclarative onlyOn Premises or CloudConsistent with .NET Framework WorkflowMuch more capableApp friendlyAvailable in SharePoint Server only

High level architecture

Architecture OverviewSharePoint

ContentEvents SharingPeople2010

Workflow

_API (REST OM)

Access Control

OAuth

Service Bus

Workflow Manager

Workflow Service Application Proxy

Workflow Services Manager

Instances Interop

Deployment

Messaging

Work

flow

Clie

nt

Workflow Manager – Front End / Back EndLogically split into Front End and Back End

Front EndResource Management ServicesWorkflow and Activity CRUD operationsInstance Management ServicesInstance queriesApplication Events and Control Messages

Back EndWorkflow HostService Bus

Service Bus Guaranteed message delivery

Publish/SubscribeLoosely coupled

Workflow Manager Client Microsoft.Workflow.Client.dll

Manage workflows (“definitions”), monitor, initiate, and communicate with instances

Required on all SharePoint serversHandles communication with Workflow Manager

Workflow Service Application ProxySharePoint construct

Registered with PowerShell

Broker for all calls to Workflow Manager

Dependent upon Workflow Manager Client

Workflow Services Manager API for managing, monitoring and interacting with workflows – CSOM, JSOM, REST Instances: Access to running instances, including sending messagesDeployment: Saving/publishing/changing workflow definitions, validating XAML, etc.Messaging: Handles how messages are sent from SharePoint to Workflow Manager

Interop: Interaction with 2010 workflow

MessagingInbound notificationsStart/stop workflowEventsManagementOne-way only

Outbound workREST/Web service callsWorkflow Back-End destinationGET, PUT, POST, DELETE, MERGE

Outbound notificationsRegisterInterestConfirmation

Message

Workflow Manager

Message

Notification

Topologies

TopologiesOne or three serversNOT two, NOT four, NOT six, NOT eight….Service Bus and quorum implementation

Each component must run on each serverWorkflow Manager and Service Bus

There are NO other supported topologies

Remember! One or three servers!A farm of two (or four, six etc) can of course be built, but it is NOT supportedAnd more importantly, it won’t provide high availability

Topologies: co-locatedRunning Workflow Manager on adequately resourced Web Servers in the SharePoint farmCarefully factor this into your overall farm topology design

load balancer

Workflow Manager

Workflow Manager

Workflow Manager

Topologies: FederatedWorkflow Manger farm serving multiple SharePoint Farms

load balancer

Workflow Manager

Scope 1(SP Farm 1)

Scope 2(SP Farm 2)

Topologies: ‘Distributed’Multiple Workflow Manger farms serving multiple SharePoint tenantsAnd potentially SharePoint Farms

load balancer

Workflow Manager

Scope 1(SP Tenant1)

Scope 2(SP Tenant 2)

Workflow Manager

Scope 1(SP Tenant3)

Scope 2(SP Tenant 4)

SP Tenant 1

SP Tenant 2

SP Tenant 3

SP Tenant 4

Planning for performance and throughputConsider scale upfrontWorkflow expands rapidlyNew platform enables high scale but you need a plan!

Regularly occurring large loadsExamples include expense reports, timesheets etc at end of financial period

Common gotcha: Network Interface configurationBetween SharePoint and Workflow FarmsBetween Workflow farms and external systems

Scaling outMulti-server farmWorkload automatically distributedLoad balancer for client interaction/REST callsWorkflow Manager: Maximum of three servers

FactorsCPU – Workflow Manager, Service Bus, SQLI/O – SQLNetwork throughput & latency

Scale SQL Server firstLikely to be the first bottleneckServer distribution – Workflow Manager and Service Bus databases on different database serversSQL optimization (file I/O, sizing, etc)However keep it practical (!) – REF Wictor’s topology sesion

Installation and Configuration

Hardware and Software RequirementsHardwareMinimum RAM: 2GbMinimum CPU: 2 GHz Dual CoreMinimum Disk: 1Gb Free

Operating SystemWindows Server 2008 R2 Service Pack 1 (x64)Windows Server 2012 (x64)Development purposes only:

Windows 7 Service Pack 1 (x64)Windows 8 (x64)

Software Pre-requisites.NET Framework 4 Platform Update 3 or .NET Framework 4.5PowerShell 3.0Service Bus 1.0Workflow Client 1.0

Installed using Web Platform Installer (WebPI)Download can be “cached” and performed offlineMore details later

SQL Server RequirementsVersions and EditionsSQL Server 2012 (or Express)SQL Server 2008 R2 SP1 (or Express)

ConfigurationsCollation: Default, SP, BinaryClusteringMirroringAlwaysOn

 SecurityWindows authenticationSQL Server Authentication

Environment RequirementsSQL Server connectivityTCP/IP

SQL Browser service running on SQL ServerWhilst stated, this is NOT actually a requirement!

Named PipesSQL Server machine name < 16 characters (NetBIOS restriction)

FirewallPorts 1443, 12290 and 12291 available (default)Windows Firewall automatically configured if selected (default) during Workflow Manager Farm creationStrongly recommended to use the default ports

User RequirementsConfiguration userThe account used when configuring Workflow ManagerSimilar to the SharePoint “Setup User”Local Admin on serversDBCreator and SecurityAdmin (or pre-create)Also called “Logged In user” or “Current user” in some documentation

RunAs userService Account IdentityUsed for Workflow Manager & Service Bus servicesCan be a separate account for eachBuilt-In accounts NOT supportedFully qualified UPN format (user@domain.com) – this is NOT strictly requiredGranted Log on as a Service right during configuration

Don’t use the same account for both!

Service Account Password ChangesWorkflow Manager and Service BusIf Service Accounts are expired by policy:Using the Configuration Account, or other Workflow Manager and Service Bus Administrator account

Watch out! MSDN refers to interactively logging in as the service account!

msdn.microsoft.com/en-us/library/windowsazure/jj193456(v=azure.10).aspxmsdn.microsoft.com/en-us/library/windowsazure/jj193007(v=azure.10).aspx

SharePoint 2013 RequirementsInteraction between SharePoint and Workflow Manager farms is OAuth 2. Therefore requires:App Management Service Instance and Service ApplicationUser Profile Service Instance and Service ApplicationUsers must be populated in the Profile store

and have valid User Principal Name (UPN)

Workflow Manager validates users by UserPrincipalName (UPN)Ensures they have rights to start instances

If not, instance cancelled

One of the reasons 2013 Workflows are not available in SharePoint Foundation

CertificatesOAuth2 should always be SSLTherefore the Workflow Manager Farm should use SSL Don’t forget the SharePoint side!

Service BusFarm CertificateEncryption Certificate

Workflow ManagerServices SSL CertificateEncryption CertificateOutbound Signing Certificate

Certificates - ChoicesAuto GeneratedSuitable for most deploymentsProvide Generation KeyRequired for every server to join Workflow Manager Farm

Record this value!Configuration takes care of copying them/creating them

Use existing (Domain CA Issued)Must be in the Local Machine\Personal certificate store for all computers in farmAdministrators responsibility to create them and copy them to each machine in the farm(s)Multi server farms must include a Subject Alternative Name for the DNS domain, e.g. *.fabrikam.com

InstallationInstall and configure SharePoint farmIncluding Workflow Manager Client on every server

Install and configure Workflow Manager farmLogged in as Configuration AccountWeb Platform Installerhttp://bit.ly/WebPIWM

Offline InstallOn an Internet connected machine:Download and install WebPICmd.exe http://bit.ly/WebPIv4 From an Administrator Command prompt:webpicmd /offline /Products:WorkflowManager /Path:c:\OfflineWorkflow

Will download Workflow Manager and it’s pre-reqs to the specified folder

Copy contents to intended Workflow Manager server

On Workflow Manager Server(s):From an Administrator Command Prompt:WebpiCmd.exe /Install /Products:WorkflowManager /XML:c:\offlineWorkFlow\feeds\latest\webproductlist.xml

To install Workflow Client (on SharePoint Servers):WebpiCmd.exe /Install /Products:WorkflowClient /XML:c:\offlineWorkFlow\feeds\latest\webproductlist.xml

Configuration WizardStart | All Programs | Workflow Manager 1.0 | Workflow Manager Configuration

Supported screen resolutions:Above 800 x 600 for 100% DPIAbove 1000 x 750 for 125 % DPIAbove 1200 x 900 for 150 % DPI

(seemingly irrelevant detail important in RDP scenarios!)

Leaving a FarmRename a ServerRemove from FarmRename ServerJoin back to Farm

Reduce Farm to one ServerRemove all machines (keep databases)Join existing farm from existing machine

Connecting to SharePointMSMQ ConfigurationOptional ConfigurationEnables Asynchronous Event MessagingSupports disconnected scenarios (e.g. maintenance windows in large environments)Enable MSMQ on SharePoint ServersIn this case, Workflow Manager can NOT be co-located with SharePoint

PowerShell$proxy = Get-SPWorkflowServiceApplicationProxy$proxy.AllowQueue = $true; $proxy.Update();

Validating install and configurationGet-SBFarmStatus & Get-WFFarmStatusWill report on Windows Services state and http(s) availabilityWindows Services:

Workflow Manager BackendService Bus Message Broker <- will often take a while to startService Bus GatewayWindows Fabric Host Service

SharePointSharePoint Service Application ProxySharePoint Designer Platform Type

But neither validate it’s actually working!The ONLY way to properly test is to create,publish and execute a 2013 Workflow!

Demo

Creating a new Workflow Manager FarmConnecting to SharePoint

Business Continuity Management

Fault TolerancePoints of Failure

Manual Workflow StartSharePoint Workflow Manager

20 seconds

Event NotificationWorkflow auto-start or mid-processing eventSharePoint Workflow Manager:

Will survive a server crash (durably stored)Content DB – Event Cache table

Processed when another workflow event happens

Workflow Backend processingService bus retriesOnce message is stored by Service Bus, processing is “guaranteed”SQL Server as durable message storage

Fault ToleranceService BusMessages are read and locked for a defined period of timeDefault = 45 secondsOther consumers cannot retrieve the message

On same subscriptionPeek/Lock Read

Reads and locks the message until it is deleted or lock duration expiresGuarantees at-least once delivery of message

Unlock MessageAbandons processing

Fault ToleranceService Bus

Once message retrieved, one of four things can happen1. Complete – consuming application successfully completes processing the message so

it is deleted from SBWorkflow does this when the workflow persists2. Abandon – consuming application discards the message so it is available for other

consumersWorkflow does this when an exception is thrown and caught during processing3. Renew – consuming application needs more time to process the message

Workflow does this automatically for long-running operations via a background threadNot as relevant to SharePoint style workflows

4. Expire – consuming application does not do one of the above before the lock time runs out. Message is now available to be picked up and processed again

E.g. Process crash

Message will be retried

Persistence PointsPersistence = Workflow state recorded in DBMessage transaction completed and message deleted from DBHappens onAny outbound callDelay activity/action

High AvailabilityThree servers required for high availabilityAlso provides load balancing

Scale SQL and SharePoint separately

MonitoringWorkflow Manager Pack for SCOMhttp://www.microsoft.com/en-us/download/details.aspx?id=35384

Disaster Recovery overviewRecoveryDatabase restorePoint-in-Time (temporally similar)

Databases Workflow and Service Bus Farm Management DBs not required

Full farm or individual tenant (scope)

DR preparations – data tierStandard SQL techniquesMirroringLog ShippingAvailability Groups

Use standard SQL Backup and restoreService Bus and Workflow manager has the required cmdlets

DR preparations – compute tierCold StandbyCreate a new farm using SQL Backups, or replicated data, and scripts

Warm StandbySecondary farm, with compute nodes turned offUse scripts to resume standby farm

Hot StandbyNot supported

Disaster Recovery RequirementsSymmetric KeyKeep it in a safe placeWithout it you will NOT be able to restore

Note time of “disruption”The approximate time is required to replay some operations

DatabasesAll Service Bus and Workflow databases, except the two Management databases, are required for a full Workflow Manager restore operation

DR Scenarios 1/2Loss of one or more Workflow/Service Bus databasesUninstall Workflow ManagerReinstall Workflow ManagerRestore Database BackupsUse the Service Bus/Workflow Restore Process and then scale-out

Loss of entire Workflow farmRestore databasesRebuild farm and use the Restore Process and then scale-out

DR Scenarios 2/2Loss of a WF/SB serverInstall Workflow Manager on a new server- Drop the Management Databases, use the Restore Process and then scale-out- or- Remove the old WF/SB Server and join a new one

Loss of a Workflow ScopeRestore Backup (do not overwrite)Use the Restore-WFScope cmdlet

Full Restore ProcessRestore Service Bus FarmCreates new SB Management databaseUse the same ports and configurationUse the Install account

Restore Service Bus GatewayRestore Service Bus Message ContainerSpecify the Id of the container

Add Service Bus host to machineConfigure Service Bus NamespaceUsing the original Symmetric key

Full Restore Process (cont.)Restore Workflow FarmCreates a new Management databaseSpecify the time of disruption, used for consistency checksVerification log (relative path) contains warnings about “suspect” inflight workflows

Add Workflow host to machine

On host 2 and 3Add the Service Bus HostAdd the Workflow Host

Applying UpdatesCo-ordinating updates between SharePoint and Workflow ManagerAfter applying updates, you should rerun Register-SPWorkflowService with the -Force switch. Adds a new deployment group Republishes any updated SharePoint activities (in SharePoint update) to the Workflow Manager farm

Wrap Up

Session Objectives and TakeawaysUnderstand the Workflow Manager architectureConfigure and Deploy Workflow ManagerApply appropriate business continuity strategies for Workflow Manager

MySPCSponsored by

connect. reimagine. transform.

Evaluate sessionson MySPC using yourlaptop or mobile device:myspc.sharepointconference.com

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.