Step by Step Installation of Microsoft Dynamics 365 Finance and Operations on Premise

by Umesh Pandit

Dynamics 365 on-premises installation as a step-by-step process, which includes the hardware setup, software installations, LCS connectivity, and SQL installations and configurations. The steps provided below are based on Microsoft's steps, with more detail from an installation perspective so that everyone can follow them.

Hardware Layout:

The hardware specification provided below is for optimum performance in the production environment.


Step 1: Plan your domain name and DNS zones

To create or plan your domain, on the domain server go to Administrative Tools > Active Directory Domains and Trusts.

Create a new domain named Local.

Based on the domain, now plan the DNS zones for AX and SF. In our example:

· Ax.local.com

· Sf.local.com

Step 2: Plan your users and service accounts

Create the users on the domain machine according to the purpose each user serves for the applications.

Step 3 : Create DNS zones and add A records

Create the DNS zones and A records that are used to browse the AOS application and the Service Fabric cluster.

As planned in Step 1, we need to create the A records for ax.local.com and sf.local.com.

ADD DNS ZONE:

1. Sign in to the domain controller machine, select Start, and start DNS Manager by typing dnsmgmt.msc and selecting the dnsmgmt (DNS) application.

2. Right-click the domain controller name in the console tree, and then select New Zone > Next.

3. Select Primary Zone.

4. Leave the Store the zone in Active Directory (available only if the DNS server is a writeable domain controller) check box selected, and then select Next.

5. Select To all DNS Servers running on Domain Controllers in this domain: Local.com, and then select Next.

6. Select Forward Lookup Zone, and then select Next.

7. Enter the zone name for your setup, and then select Next. For example, enter local.com.

8. Select Do not allow dynamic updates, and then select Next.

9. Select Finish.

Set up an A record for AOS

In the new DNS zone, create one A record that is named ax.local.com for each Service Fabric cluster node of the AOSNodeType type. Don't create A records for the other node types.

1. Find the newly created zone under the Forward Lookup Zones folder in DNS Manager.

2. Right-click the new zone, and then select New Host.

3. Enter the name and IP address of the Service Fabric node.

4. Do not select either check box.

[Screenshot: DNS Manager, New Host dialog with the Name, Fully qualified domain name (FQDN) and IP address fields and the Create associated pointer (PTR) record check box.]

Follow the same procedure for the remaining AX and SF records:

ax.local.com for 100.134.198.03

ax.local.com for 100.134.198.03

sf.local.com for 100.134.198.04

sf.local.com for 100.134.198.05

sf.local.com for 100.134.198.06
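
The zone and host records from Step 3 can also be created and checked from an elevated PowerShell session on the domain controller. This is an added example, not part of the original guide; it assumes the DnsServer module is available, uses the zone name and addresses listed above, and warns if an existing zone still accepts dynamic updates.

```powershell
#Requires -Modules DnsServer
# Added example: scripted equivalent of the DNS Manager steps in Step 3.
# Zone name and addresses are the ones used on this page; adjust them for your setup.

$zoneName = 'local.com'

# Host name -> node addresses as listed above (the page writes the last octet as 03..06
# and lists the ax address twice; one record per distinct address is created here).
$planned = [ordered]@{
    ax = @('100.134.198.3')
    sf = @('100.134.198.4', '100.134.198.5', '100.134.198.6')
}

# Primary, AD-integrated forward lookup zone, replicated to all DNS servers on domain
# controllers in this domain, with dynamic updates disabled (steps 3 to 8).
$zone = Get-DnsServerZone -Name $zoneName -ErrorAction SilentlyContinue
if (-not $zone) {
    Add-DnsServerPrimaryZone -Name $zoneName -ReplicationScope Domain -DynamicUpdate None
} elseif ($zone.DynamicUpdate -ne 'None') {
    Write-Warning "Zone $zoneName allows dynamic updates ($($zone.DynamicUpdate)); step 8 expects them to be disabled."
}

foreach ($hostName in $planned.Keys) {
    # Addresses that already exist for this host name, so the script can be re-run safely.
    $existing = @(Get-DnsServerResourceRecord -ZoneName $zoneName -Name $hostName -RRType A -ErrorAction SilentlyContinue |
        ForEach-Object { $_.RecordData.IPv4Address.ToString() })

    foreach ($ip in $planned[$hostName]) {
        if ($existing -notcontains $ip) {
            # No -CreatePtr and no -AllowUpdateAny: both check boxes stay cleared.
            Add-DnsServerResourceRecordA -ZoneName $zoneName -Name $hostName -IPv4Address $ip
        }
    }
}

# Verify against the DNS server itself: every planned address must come back, and no others.
foreach ($hostName in $planned.Keys) {
    $fqdn     = "$hostName.$zoneName"
    $resolved = @(Resolve-DnsName -Name $fqdn -Type A -Server localhost -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })

    $missing    = @($planned[$hostName] | Where-Object { $resolved -notcontains $_ })
    $unexpected = @($resolved | Where-Object { $planned[$hostName] -notcontains $_ })

    if ($missing.Count -or $unexpected.Count) {
        Write-Warning "$fqdn differs from the plan. Missing: $($missing -join ', '). Unexpected: $($unexpected -join ', ')."
    } else {
        Write-Output "$fqdn -> $($resolved -join ', ')"
    }
}
```
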

Step 4: Join VMs to the domain

1. On the Start screen, type Control Panel, and then press ENTER.

2. Navigate to System and Security, and then click System.

3. Under Computer name, domain, and workgroup settings, click Change settings.

4. On the Computer Name tab, click Change.

5. Under Member of, click Domain, type the name of the domain that this computer will join, and then click OK.

6. Click OK, and then restart the Server.

Step 5: Download setup scripts from LCS

1. Sign in to LCS.

2. On the dashboard, select the Shared asset library tile.

3. On the Model tab, in the grid, select the Dynamics 365 for Operations on-premises - Deployment scripts row.

4. Select Versions, and then download the latest version of the zip file for the scripts.

The download produces a zip file for the infrastructure folder.

1. Right-click the zip file, and then select Properties. In the dialog box, select the Unblock check box.

2. Copy the zip file to the machine that will be used to execute the scripts.

3. Unzip the files into a folder that is named infrastructure.

Step 6: Config Template file configuration:

Once the infrastructure folder is downloaded, copy it to the C drive.

1. Update the domain name without the suffix (.com, .ae, .uk, etc.).

2. Update the users for each purpose with your domain name.

1. In the second section, update the certificate subject name and add the administrators' group for the domain.

2. Update the same for all the certificates.

1. Update the VM name and the IP address of the VM.

2. It is very important that the fault domain and the update domain are identical.

Step 7: Service Accounts and User account Mapping:

Execute the scripts from the script folder. Navigate to the infrastructure folder and run the script in PowerShell with administrator privileges.

[Screenshot: File Explorer in the InfrastructureScripts-131311 folder, File menu with the Open Windows PowerShell option.]

Script:

Run the below script to import users

Import-Module .\D365FO-OP\D365FO-OP.psd1

New-D365FOGMSAAccounts -ConfigurationFilePath .\ConfigTemplate.xml

Step 8: Administrator Group addition in VM

Add Local\svc-AXSF$ and Local\AXServiceUser users to the administrator group in each VM

To add them to the Administrators group, follow the steps below:

Local\svc-AXSF$ and Local\AXServiceUser

Select Local Users and Groups.

Click Add to Group and add them to the Administrators group.

If you must make changes to accounts or machines, update the ConfigTemplate.xml file in the original infrastructure folder, copy it to this machine and then run the following script.

Update-D365FOGMSAAccounts -ConfigurationFilePath .\ConfigTemplate.xml


Step 9: Self Signed Certificate creations

1. Navigate to the machine that has the infrastructure folder.

2. Run the command below to create the self-signed certificates:

.\New-SelfSignedCertificates.ps1 -ConfigurationFilePath .\ConfigTemplate.xml

3. Once the certificates are created, export them by running the script below:

.\Export-PfxFiles.ps1 -ConfigurationFilePath .\ConfigTemplate.xml

Step 10: Setting up the VMs

To set up the VMs for the Service Fabric cluster creation, run the script below:

.\Export-Scripts.ps1 -ConfigurationFilePath .\ConfigTemplate.xml

The script exports a VMs folder that contains the scripts for each machine; each machine's scripts have to be copied to that machine separately.

Step 11: Prerequisites Installation:

1. Download the following Microsoft Windows Installers (MSIs) into a file share that is accessible by all VMs. Create a folder named MSI and copy all the prerequisite software into it.

SNAC – ODBC driver - https://www.microsoft.com/en-us/download/details.aspx?id=53339

Microsoft SQL Server Management Studio 17.5 - https://docs.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms

Microsoft Visual C++ Redistributable Packages for Microsoft Visual Studio 2013 - https://support.microsoft.com/en-us/help/3179560

Microsoft Access Database Engine 2010 Redistributable - https://www.microsoft.com/en-us/download/details.aspx?id=13255

Copy the infrastructure folder from the domain machine to the C drive of every VM.

.\Configure-PreReqs.ps1 -MSIFilePath <path of the MSIs>

Replace <path of the MSIs> with the folder path C:\MSI.

Restart all the VMs after installing the prerequisites.

Run the scripts below on every VM to prepare it for the Service Fabric cluster. Navigate to C:\InfrastructureScripts-131311\VMs\AOS1 and execute the commands below:

.\Add-GMSAOnVM.ps1

.\Import-PfxFiles.ps1

.\Set-CertificateAcls.ps1

Once the PowerShell scripts have executed successfully, run the script below to test whether all the prerequisites are correctly installed and configured.

The script must complete successfully before you proceed to the next step.

Step 12: Set up a standalone Service Fabric cluster

1. Download the Service Fabric standalone installation package onto the orch1 machine. After the zip file is downloaded, unblock it by right-clicking the zip file and then selecting Properties. In the dialog box, select the Unblock check box in the lower right.

2. Unzip the Files to the C Folder

3. Navigate to the infrastructure folder and execute the following command to generate the Service Fabric ClusterConfig.json file.

.\New-SFClusterConfig.ps1 -ConfigurationFilePath .\ConfigTemplate.xml -TemplateConfig <ServiceFabricStandaloneInstallerPath>\ClusterConfig.X509.MultiMachine.json

4. Copy the generated ClusterConfig.json from the infrastructure folder to the folder where the Service Fabric installation package was extracted.

5. Now navigate to the Service Fabric folder and copy the ClusterConfig.json file.

6. Navigate to the <ServiceFabricStandaloneInstallerPath> in Windows PowerShell by using elevated privileges. Run the following command to test ClusterConfig.

.\TestConfiguration.ps1 -ClusterConfigFilePath .\clusterConfig.json

Once the test configuration has executed successfully, run the command below to create the Service Fabric cluster.

.\CreateServiceFabricCluster.ps1 -ClusterConfigFilePath .\ClusterConfig.json

Step 13 : Service Fabric cluster Accessibility

After the cluster is created, open the Service Fabric explorer on any client machine to validate the installation.

a. Install the Service Fabric client certificate in CurrentUser\My if it isn't already installed.

b. Go to IE settings > Compatibility Mode and clear the Display Intranet sites in compatibility mode check box.

c. Go to https://sf.local.com:19080, where sf.local.com is the host name of the Service Fabric cluster that is specified in the zone. If DNS name resolution isn't configured, use the IP address of the machine.

d. Select the client certificate. The Service Fabric explorer page appears.

e. Verify that all nodes appear as green.

Step 14 : LCS Connectivity for the Tenant

1. Run the commands below to import the AzureRM module for the LCS connection:

Import-Module AzureRM

Connect-AzureRmAccount

2. Sign in to the customer's Azure portal to verify that you have the Global Administrator directory role.

3. .\Add-CertToServicePrincipal.ps1 -CertificateThumbprint <OnPremLocalAgent Certificate Thumbprint>

Copy the OnPremLocalAgent certificate thumbprint from the ConfigTemplate file.

Sometimes the LCS connectivity fails with the error "Service Principal not found".

This is because I do not have the Microsoft Dynamics ERP application in my Azure Directory. You can activate the trial version for Dynamics 365 for Operations here: Dynamics 365 for Operations Partner Trial. You need to click on the top right on "Want to add this to existing subscription? - Sign In".

Step 15: Set Up File Storage.

The purpose of the file storage machine is to download the installation files from LCS and store them in the shared location for execution. Ideally, the file share can be set up on the AOS 1 machine.

On the file share machine, run the following command.

Install-WindowsFeature -Name FS-FileServer -IncludeAllSubFeature -IncludeManagementTools

AOS Storage

a. In Server Manager, select File and Storage Services > Shares.

b. Select Tasks > New Share to create a new share. Name the share aos-storage.

c. Leave Allow caching of share selected.

d. Check Encrypt data access.

e. Grant Modify permissions for every machine in the Service Fabric cluster except OrchestratorType.

f. Grant Modify permissions for the AOS domain user (Local\AXServiceUser) and the gMSA user (Local\svc-AXSF$).

Agent

a. In Server Manager, select File and Storage Services > Shares.

b. Select Tasks > New Share to create a new share. Name the share agent.

c. Grant Full-Control permissions to the gMSA user for the local deployment agent (Local\svc-LocalAgent$).


Step 16 : Set Up SQL Server.

· Install SQL Server 2016 SP1 with high availability. (Unless you're deploying in a sandbox environment, where one instance of SQL Server is sufficient. You may want to install SQL Server with high availability in sandbox environments to test high-availability scenarios.)

· The SQL Server version should be SQL Server 2016 SP1 or SP2; other versions are not supported. We also tested with the 2017 version, which was not supported for our deployment.

· SQL Server should be installed as a clustered Always-On SQL instance for performance.

· Run the SQL service as a domain user.

· Self-signed certificate for a Single SQL instance

New-SelfSignedCertificate -CertStoreLocation "cert:\CurrentUser\My" -DnsName "SQL1.Local.com" -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -Subject "SQL1.Local.com"

· Self-signed certificate for an Always-On SQL instance

.\Create-SQLTestCert-AllVMs.ps1 -ConfigurationFilePath .\ConfigTemplate.xml `
    -SqlMachineNames SQL1, SQL2 `
    -SqlListenerName SQL.LSNR

STEP 17: Enabling SSL Encryption for SQL

Refer to the link below for enabling SSL encryption for SQL Server:

https://support.microsoft.com/en-us/help/316898/how-to-enable-ssl-encryption-for-an-instance-of-sql-server-by-using-mi

STEP 18: SQL Configurations

For each node of the SQL cluster, follow these steps. Make sure that you make the changes on the non-active node, and that you fail over to it after changes are made.

1. Import the certificate into LocalMachine\My, unless you are setting up Always-On, in which case the certificate already exists on the node.

2. Grant certificate permissions to the service account that is used to run the SQL service. In Microsoft Management Console (MMC), right-click the certificate (certlm.msc), and then select Tasks > Manage Private Keys.

3. Add the certificate thumbprint to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.x\MSSQLServer\SuperSocketNetLib\Certificate. For example, with SQL Server 2016 SP1: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQLServer\SuperSocketNetLib\Certificate

4. From the Start menu, type regedit, then select regedit to open the Registry Editor.

i. Navigate to the certificate, right-click Modify, then replace the value with the certificate thumbprint.

5. In Microsoft SQL Server Configuration Manager, set ForceEncryption to Yes.

6. In SQL Server Configuration Manager, expand SQL Server Network Configuration, right-click Protocols for [server instance], and then select Properties.

7. In the Protocols for [instance name] Properties dialog box, on the Certificate tab, select the desired certificate from the drop-down menu for the Certificate box, and then click OK.

8. On the Flags tab, in the ForceEncryption box, select Yes, and then click OK.

9. Restart the SQL Server service.

10. Export the public key of the certificate (the .cer file), and install it in the trusted root of each Service Fabric node.
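
A node can be checked after steps 1 to 9 with the script below, run in an elevated PowerShell session on that node. It is an added example, not part of the original guide or of Microsoft's scripts; it assumes a default SQL Server 2016 instance (the MSSQL13.MSSQLSERVER key shown in step 3), the service name MSSQLSERVER, a CSP-stored private key, and the SQL1.Local.com name used in Step 16.

```powershell
# Added example: verifies the outcome of steps 1-9 on one SQL node.
# Assumed values (change for your environment): instance key, service name, expected DNS name.
$netLibKey    = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQLServer\SuperSocketNetLib'
$serviceName  = 'MSSQLSERVER'
$expectedName = 'SQL1.Local.com'
$findings     = [System.Collections.Generic.List[string]]::new()

$netLib = Get-ItemProperty -Path $netLibKey -ErrorAction Stop

# Steps 5 and 8: ForceEncryption is stored as DWORD 1 when it is set to Yes.
if ($netLib.ForceEncryption -ne 1) { $findings.Add('ForceEncryption is not enabled.') }

# Steps 3 and 4: the value must be exactly 40 hex characters. A thumbprint pasted from
# the certificate dialog often carries an invisible leading character or spaces.
$raw = [string]$netLib.Certificate
if ($raw -notmatch '^[0-9A-Fa-f]{40}$') {
    $findings.Add("Certificate value is not a clean 40-character thumbprint (length $($raw.Length)).")
}
$thumbprint = ($raw -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

# Step 1: the certificate must be in LocalMachine\My together with its private key.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert) {
    $findings.Add("No certificate with thumbprint '$thumbprint' in LocalMachine\My.")
} else {
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $findings.Add("Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter)).")
    }
    if (-not $cert.HasPrivateKey) { $findings.Add('Certificate has no private key on this machine.') }

    # Clients validate the server name against the certificate names.
    $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
    if ($names -notcontains $expectedName) {
        $findings.Add("Certificate names ($($names -join ', ')) do not include $expectedName.")
    }

    # An empty EKU list means "all purposes"; otherwise Server Authentication must be present.
    $ekus = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
    if ($ekus.Count -gt 0 -and $ekus -notcontains '1.3.6.1.5.5.7.3.1') {
        $findings.Add('Certificate does not allow Server Authentication.')
    }

    # Step 2: the SQL service account needs read access to the private key file.
    # Only explicit ACL entries are compared; access granted through a group is not resolved.
    try {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'" -ErrorAction Stop
        if (-not $svc) { throw "Service $serviceName not found." }

        $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
        if (-not $container) { throw 'Private key is not a CSP key; check its ACL in certlm.msc.' }

        $keyFile = Join-Path -Path $env:ProgramData -ChildPath "Microsoft\Crypto\RSA\MachineKeys\$container"
        $svcSid  = ([System.Security.Principal.NTAccount]$svc.StartName).Translate(
                        [System.Security.Principal.SecurityIdentifier]).Value
        $read    = [System.Security.AccessControl.FileSystemRights]::Read
        $rules   = (Get-Acl -Path $keyFile).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

        $canRead = $rules | Where-Object {
            $_.IdentityReference.Value -eq $svcSid -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $read) -eq $read
        }
        if (-not $canRead) { $findings.Add("$($svc.StartName) has no explicit read access to the private key.") }
    } catch {
        $findings.Add("Could not inspect the private key ACL: $($_.Exception.Message)")
    }
}

if ($findings.Count -eq 0) {
    Write-Output "SQL encryption settings on $env:COMPUTERNAME match steps 1-9."
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```
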

STEP 19: Creation of Databases

1. Sign in to LCS.


2. On the dashboard, select the Shared asset library tile.

3. On the Model tab, select the demo data for the release that you want and download the zip file.

4. The zip file contains empty and demo data .bak files. Select the .bak file, based on your requirements. For example, if you require demo data, download the AxBootstrapDB_Demodata.bak file.

5. Once the file is downloaded, copy the database backup to a separate folder on the SQL machine.

6. Update the ConfigTemplate file with the file location of the downloaded .bak file.

· Copy the infrastructure folder to the SQL Server machine and navigate to it in a PowerShell window with elevated privileges.

Step 20: Configure the OrchestratorData database

Execute the following script.

.\Initialize-Database.ps1 -ConfigurationFilePath .\ConfigTemplate.xml -ComponentName Orchestrator

This script creates the Orchestrator database, which is used for deploying all the applications in Service Fabric.

Main Purpose of Orchestrator Database

· Create an empty database named OrchestratorData. This database is used by the on-premises local agent to orchestrate deployments.

· Grant the local agent gMSA (svc-LocalAgent$) db_owner permissions on the database.

Step 21: Configure the Finance and Operations database

Execute the Following Script

.\Initialize-Database.ps1 -ConfigurationFilePath .\ConfigTemplate.xml -ComponentName AOS

.\Configure-Database.ps1 -ConfigurationFilePath .\ConfigTemplate.xml -ComponentName AOS

The Initialize-Database.ps1 script will do the following:

a. Restore the database from the specified backup file.

b. Create a new user that has SQL authentication enabled (axdbadmin).

c. Map users to database roles based on the following table for AXDB.


d. Map users to database roles based on the following table for TempDB.

The Configure-Database.ps1 script will do the following:

a. Set READ_COMMITTED_SNAPSHOT ON

b. Set ALLOW_SNAPSHOT_ISOLATION ON

c. Set the specified database file and log settings

d. GRANT VIEW SERVER STATE TO axdbadmin


e. GRANT VIEW SERVER STATE TO [Local\svc-AXSF$]

Run the following command to reset the database users.

.\Reset-DatabaseUsers.ps1 -DatabaseServer SQL.LSNR.Local -DatabaseName AXDB

Step 22: Configure the Financial Reporting database

Execute the following Script

.\Initialize-Database.ps1 -ConfigurationFilePath .\ConfigTemplate.xml -ComponentName MR

The script will do the following:

a. Create an empty database named FinancialReporting.

b. Map the users to database roles based on the following table.

Step 23: Encrypt Credentials:

On any client machine, install the encipherment certificate in the LocalMachine\My certificate store.

[Screenshot: File Explorer, This PC > Local Disk (C:) > InfrastructureScripts-131311 > Certs, listing the exported certificate files DataEncryption, DataSigning, FinancialReporting, OnPremLocalAgent, ReportingService and SessionAuthentication.]

Grant the current user read access to the private key of this certificate.

Create the Credentials.json file, as shown here.

{
    "AosPrincipal": {
        "AccountPassword": "Dynamoic@123"
    },
    "AosSqlAuth": {
        "SqlUser": "axdbadmin",
        "SqlPwd": "Dynamoic@123"
    }
}

· AccountPassword is the encrypted domain user password for the AOS domain user (local\axserviceuser); Dynamoic@123 is the value before encryption.

· SqlUser is the encrypted SQL user (axdbadmin) that has access to the Finance and Operations database (AXDB), and SqlPwd is the encrypted SQL password; Dynamoic@123 is the value before encryption.

Copy the .json file to the SMB file share, \\AOS1\agent\Credentials\Credentials.json.

Why do these accounts and passwords have to be encrypted? While deploying the application from LCS, the script checks the encrypted passwords and users. If this step is not executed properly, the deployment will fail.

· Install the Microsoft Azure Service Fabric SDK before executing the script.

Execute the script below to get the encrypted values. The script has to be executed 3 times, once for each value.

For AccountPassword

Invoke-ServiceFabricEncryptText -Text Dynamoic@123 -CertThumbprint DSJIJDIJDFDIJFDFSLDSADLSAD968594504209UWEUW9 -CertStore -StoreLocation LocalMachine -StoreName My | Set-Clipboard

Execute the script, open Notepad, and press Ctrl+V to paste the encrypted value.

For SQL User

Invoke-ServiceFabricEncryptText -Text axdbadmin -CertThumbprint DSJIJDIJDFDIJFDFSLDSADLSAD968594504209UWEUW9 -CertStore -StoreLocation LocalMachine -StoreName My | Set-Clipboard

Execute the script, open Notepad, and press Ctrl+V to paste the encrypted value.

For SQL Password

Invoke-ServiceFabricEncryptText -Text Dynamoic@123 -CertThumbprint DSJIJDIJDFDIJFDFSLDSADLSAD968594504209UWEUW9 -CertStore -StoreLocation LocalMachine -StoreName My | Set-Clipboard

Execute the script, open Notepad, and press Ctrl+V to paste the encrypted value.

Now Update the 3 encrypted values in the Credentials.Json file
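
The three encryption runs and the manual paste can be combined into one script that writes Credentials.json directly. This is an added example, not part of the original guide; Protect-Value is a hypothetical helper, the thumbprint is a placeholder for your encipherment certificate, and the passwords are prompted for instead of being typed on the command line or passed through the clipboard.

```powershell
# Added example: builds Credentials.json with the three encrypted values in one pass.
# Requires the Service Fabric SDK and the encipherment certificate in LocalMachine\My.
# Placeholder values: replace the thumbprint; the output path is the share used on this page.
$thumbprint = '<encipherment certificate thumbprint>'
$outFile    = '\\AOS1\agent\Credentials\Credentials.json'

Import-Module ServiceFabric -ErrorAction Stop

if (-not (Test-Path -Path "Cert:\LocalMachine\My\$thumbprint")) {
    throw "Certificate $thumbprint was not found in LocalMachine\My."
}

# Hypothetical helper: encrypts one secret with the certificate above.
# The plaintext exists only in memory for the duration of the call.
function Protect-Value {
    param([Parameter(Mandatory)][System.Security.SecureString]$Secret)

    $plain = [System.Net.NetworkCredential]::new('', $Secret).Password
    $cipherText = Invoke-ServiceFabricEncryptText -Text $plain -CertThumbprint $thumbprint `
        -CertStore -StoreLocation LocalMachine -StoreName My

    if ([string]::IsNullOrWhiteSpace($cipherText) -or $cipherText -eq $plain) {
        throw 'Encryption did not return a ciphertext.'
    }
    $cipherText
}

# Prompted input is masked and does not end up in the PowerShell history file.
$aosPassword = Read-Host -Prompt 'Password for local\axserviceuser' -AsSecureString
$sqlPassword = Read-Host -Prompt 'Password for SQL login axdbadmin' -AsSecureString
$sqlUser     = ConvertTo-SecureString -String 'axdbadmin' -AsPlainText -Force

# Same structure as the Credentials.json shown above, holding encrypted values only.
$credentials = [ordered]@{
    AosPrincipal = [ordered]@{
        AccountPassword = Protect-Value -Secret $aosPassword
    }
    AosSqlAuth = [ordered]@{
        SqlUser = Protect-Value -Secret $sqlUser
        SqlPwd  = Protect-Value -Secret $sqlPassword
    }
}
$json = $credentials | ConvertTo-Json -Depth 3

# Write UTF-8 without a byte order mark, creating the Credentials folder if needed.
$folder = Split-Path -Path $outFile -Parent
if (-not (Test-Path -Path $folder)) { New-Item -Path $folder -ItemType Directory -Force | Out-Null }
[System.IO.File]::WriteAllText($outFile, $json, [System.Text.UTF8Encoding]::new($false))

Write-Output "Wrote $outFile with $((Get-Item -Path $outFile).Length) bytes."
```
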


Step 24: Setup SSIS

To enable Data management and Integration workloads, SSIS must be installed on each of the AOS virtual machines. Complete the following steps on each AOS virtual machine.

1. Verify that the machine has access to the SSIS installation and open the SSIS Setup Wizard.

2. In the Feature Selection window, in the Features pane, select the Integration Services and SQL Client Connectivity SDK check boxes.

3. Complete the setup and verify that the installation was successful.

Step 25: Setup SSRS

To set up the SSRS machine, refer to the Microsoft document below:

https://docs.microsoft.com/en-us/dynamics365/unified-operations/dev-itpro/analytics/configure-ssrs-on-premises

Step 26: Configure ADFS

· Open the ADFS server and add the ADFS feature from Server Manager > Roles and Features.

· Configure the AD FS identifier so that it matches the AD FS token issuer.

Execute the code below in PowerShell on the ADFS machine:

$adfsProperties = Get-AdfsProperties

Set-AdfsProperties -Identifier $adfsProperties.IdTokenIssuer

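· Set the primary intranet authentication providers to forms authentication and Microsoft Passport authentication:

Set-AdfsGlobalAuthenticationPolicy -PrimaryIntranetAuthenticationProvider FormsAuthentication, MicrosoftPassportAuthentication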

For sign-in, the user's email address must be an acceptable authentication input.

Add-Type -AssemblyName System.Net

$fqdn = ([System.Net.Dns]::GetHostEntry('localhost').HostName).ToLower()

$domainName = $fqdn.Substring($fqdn.IndexOf('.')+1)

Set-AdfsClaimsProviderTrust -TargetIdentifier 'AD AUTHORITY' -AlternateLoginID mail -LookupForests $domainName


Once the necessary ADFS scripts have been executed, run the application group script:

.\Publish-ADFSApplicationGroup.ps1 -HostUrl https://ax.Local.com

After ADFS has been deployed successfully, access the following URL from an AOStype node:

https://adfs.local.com/adfs/.well-known/openid-configuration

It is very important that this step completes successfully, because the Dynamics on-premises user access page opens based on the ADFS redirection configuration.

If you successfully access the URL, a JavaScript Object Notation (JSON) file is returned that contains your AD FS configuration, and you will see that your AD FS URL is trusted.
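A scripted version of this check, as an added example that is not part of the original guide: it validates the returned metadata rather than only confirming that the page loads. Test-AdfsOpenIdMetadata is a hypothetical helper name, the sample JSON is constructed, and the field names (issuer, access_token_issuer and the endpoint fields) are assumed to be the ones AD FS publishes in its OpenID Connect metadata.

```powershell
# Added example, not part of the original guide. The sample metadata is constructed.
function Test-AdfsOpenIdMetadata {           # hypothetical helper name
    param(
        [Parameter(Mandatory)] [psobject] $Metadata,   # parsed openid-configuration JSON
        [Parameter(Mandatory)] [string]   $AdfsHost    # e.g. adfs.local.com
    )
    $problems = New-Object System.Collections.Generic.List[string]

    # Every endpoint used during sign-in must be an HTTPS URL on the AD FS host.
    foreach ($name in 'issuer', 'authorization_endpoint', 'token_endpoint', 'jwks_uri') {
        $uri   = $null
        $value = [string]$Metadata.$name
        if (-not [uri]::TryCreate($value, [System.UriKind]::Absolute, [ref]$uri)) {
            $problems.Add("$name is missing or not an absolute URL")
            continue
        }
        if ($uri.Scheme -ne 'https') { $problems.Add("$name is not HTTPS: $value") }
        if ($uri.Host -ne $AdfsHost) { $problems.Add("$name is on host $($uri.Host), expected $AdfsHost") }
    }

    # After Set-AdfsProperties -Identifier $adfsProperties.IdTokenIssuer the two issuers should match.
    if ($Metadata.access_token_issuer -ne $Metadata.issuer) {
        $problems.Add("access_token_issuer '$($Metadata.access_token_issuer)' differs from issuer '$($Metadata.issuer)'")
    }
    return ,$problems.ToArray()
}

# Constructed sample: the state before the identifier was aligned with the token issuer.
$sample = @'
{
  "issuer": "https://adfs.local.com/adfs",
  "authorization_endpoint": "https://adfs.local.com/adfs/oauth2/authorize/",
  "token_endpoint": "https://adfs.local.com/adfs/oauth2/token/",
  "jwks_uri": "https://adfs.local.com/adfs/discovery/keys",
  "access_token_issuer": "http://adfs.local.com/adfs/services/trust"
}
'@ | ConvertFrom-Json

$issues = Test-AdfsOpenIdMetadata -Metadata $sample -AdfsHost 'adfs.local.com'
if ($issues.Count -eq 0) { 'Metadata looks consistent.' } else { $issues }

# Live check from an AOS node; Invoke-RestMethod fails if the AD FS TLS certificate is not trusted.
# $live = Invoke-RestMethod -Uri 'https://adfs.local.com/adfs/.well-known/openid-configuration'
# Test-AdfsOpenIdMetadata -Metadata $live -AdfsHost 'adfs.local.com'
```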

Step 27: Configure a connector and install an on-premises local agent

Sign in to LCS, and open the on-premises implementation project.

Select the Project Setting Tab


Create an on-premises connector and edit the configuration details.


Download the Agent Installer and Verify that the zip file is unblocked. Right-click the file, and then select Properties. In the dialog box, select Unblock.

Unzip the agent installer on one of the Service Fabric nodes of the OrchestratorType type.


Enter the Configuration Details


Run the script below to get the configuration details:

.\Get-AgentConfiguration.ps1 -ConfigurationFilePath .\ConfigTemplate.xml


Edit agent configuration

Service Fabric

Azure Active Directory

Configuration Settings

SERVICE FABRIC

Enter the details of your standalone Windows Service Fabric cluster. The cluster should be secured with X509 certificates as specified here: https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-windows-cluster-x509-security

Connection endpoint. Example: <ip address or hostname of one of the cluster nodes>:19000


AZURE ACTIVE DIRECTORY

The agent communicates with LCS on behalf of your Azure active directory tenant to orchestrate and manage deployments. Create a certificate to be used as the tenant certificate. This certificate will be used to authenticate requests to LCS on behalf of your Azure active directory tenant. See instructions for more details.

Tenant service principal certificate thumbprint


Download the Configuration file and copy the file to the local agent folder


In a Command Prompt window, run the following command by navigating to the folder that contains the agent installer.

The user who runs this command must have db_owner permissions on the OrchestratorData database.

LocalAgentCLI.exe Install C:\InfrastructureScripts\Local\LocalAgent-163366\LocalAgent-163366\localagent-config.json


After the local agent has been installed successfully, it creates 2 applications in Service Fabric.


On the Validate setup tab, select Message agent to test for LCS connectivity to your local agent. When a connection is successfully established, the page will resemble the following illustration.


Setup host infrastructure

3. Configure agent

Click the button below and LCS will validate the connection to your on-premises agent.


Step 28: Actual AX/Dynamics 365 FO Environment deployment starts here


Platform Update


METHODOLOGY

Phases: Design and develop, Test, Deploy, Operate

2.1 Deploy development and test environment
2.2 Define test cases and create test scripts
2.3 Sign-off FDDs
2.4 Sign-off TDDs
2.5 Analyze code
2.6 Identify gold build and signoff
2.7 Revise milestone dates

The dev and test environment includes the core application functionality. The environment also includes tools, such as the Microsoft Visual Studio agent which assists in the management and version control of developed items within the development sprint cycles. The dev and test environment is also used during the development sprint cycle for functionality testing by developers and SMEs. The daily build is deployed to the dev and test environment to ensure that the most up-to-date customizations and configurations are available for testing each day. This environment is also used for overall solution testing when all sprints are complete and the final requirements sign off is complete.


.\Get-DeploymentSettings.ps1 -ConfigurationFilePath .\ConfigTemplate.xml


Data - Notepad

Field

Active Directory->OpenID metadata endpoint
Active Directory->Client ID for AOS application group
Active Directory->Client ID for Financial Reporting application group
File Share->Certificate Thumbprint
SSRS Configuration->Instance IP Address
SSRS Configuration->Communication certificate thumbprint
Configure Service->DNS host name of Dynamics 365 instance
Configure Service->AOS Service Principal
Configure Service->MR Application service gMSA
Configure Service->MR Process service gMSA
Configure Service->MR Click-once service gMSA
Application Certificate->Data Encryption Thumbprint
Application Certificate->Data Signing Thumbprint
Application Certificate->Session Authentication Thumbprint
Application Certificate->SSL (WCF/SOAP) Thumbprint
Application Certificate->Management Reporter Thumbprint

Value

ax.moca.local local\axserviceuser local\sec-fras$ Local\sec-fnps$ Local\sec-fnco$


Click the Advanced Settings


Supported version
Active Directory Settings
SQL Database Configuration
File Share Settings
SSRS Configuration Settings
Configure Service Settings
Application Certificate Settings
Customize solution assets
Environment administrator

ACTIVE DIRECTORY FEDERATION SERVICES SETTINGS

The Email address of the user who will be the initial administrator (E.g. [email protected])

ADFS OpenID metadata endpoint for the Dynamics 365 Application group. (E.g. https://[federation-service-name]/adfs/.well-known/openid-configuration)

ADFS OpenID Connect client ID for the AOS application group

ADFS OpenID Connect client ID for the Financial Reporting application group


SQL SERVER

The fully qualified domain name of the Microsoft SQL Server or Always On listener, e.g. sqlinstance.onprem.contoso.com

AX DATABASE

The business database name

FINANCIAL REPORTING DATABASE

The Financial Reporting database name



FILE SHARE SETTINGS

The file share path for the Microsoft Dynamics 365 Instance. This share is used as the document store for files uploaded by users.

The File Share Certificate Thumbprint for the Microsoft Dynamics 365 Instance


SSRS CONFIGURATION SETTINGS

The IP Address of the SSRS instance

The thumbprint used by the SSRS Application to communicate with AX Service


DYNAMICS 365 DNS INFORMATION

The DNS host name of the Microsoft Dynamics 365 instance, e.g. contosoinstance.onprem.contoso.com

AOS SERVICE PRINCIPAL USER SETTINGS

The domain user account to run the AX Service, e.g. yourdomain\axserviceuser

MR SERVICE PRINCIPAL USER SETTINGS

The group managed service account (gMSA) to run the MR application service, e.g. yourdomain\Svc-FRAS$

The group managed service account (gMSA) to run the MR process service, e.g. yourdomain\Svc-FRPS$


APPLICATION CERTIFICATE SETTINGS

The Thumbprint of the Data Encryption Certificate

The Thumbprint of the Data Signing Certificate

The Thumbprint of the Session Authentication Certificate

The Thumbprint of the SSL Certificate used for WCF/SOAP

The Thumbprint used by the Management Reporter to communicate with AX Service


Are you sure you want to deploy?


Successfully installed!!!

If you need any help, please send me mail at

[email protected]; I will be reachable at +91-8179810111

Skype: pandit.umesh

Blog: http://msdynamicsaxtips.blogspot.com/
