Every effort has been made to ensure the accuracy of this
book. This content is also available online in the Office System TechNet
Library, so if you run into problems you can check for updates at:
http://technet.microsoft.com/office
If you do not find your answer in our online content, you
can send an email message to the Microsoft Office System and Servers content
team at:
itspdocs@microsoft.com
If your question is about Microsoft Office products, and not
about the content of this book, please search the Microsoft Help and Support
Center or the Microsoft Knowledge Base at:
http://support.microsoft.com
This deployment guide describes
the overall process to install and configure Duet Enterprise for Microsoft
SharePoint and SAP Server 2.0 Preview on a single computer that is running
Windows Server 2008 R2 SP1, SharePoint Server 2013 Enterprise, and SQL Server
2008 R2 with Service Pack 1 (SP1).
This process is for a SharePoint
administrator to view Duet Enterprise 2.0 Preview functionality and is intended
to provide only a baseline proof of concept that demonstrates core Duet
Enterprise 2.0 Preview features and connectivity. It is not intended to provide
multiple computer deployment instructions or multiple farm deployment
instructions.
This article describes the
planning that you should do before you begin an installation of Duet Enterprise
for Microsoft SharePoint and SAP Server 2.0 Preview. The procedures and
information presented in this article are listed in the order in which they
must be used. All hardware and software must comply with the information found
in Hardware and software requirements for Duet Enterprise for Microsoft
SharePoint and SAP Server 2.0 Preview.
The installation and configuration process will require
several hours to complete. You will need to work with your SAP administrator
who will provide you with a SAPSSL.cer certificate and the endpoint URLs. You
will provide the SAP administrator with two certificates: SharePointSSL.cer and
DuetRoot.cer and the publishing URL of your extended SharePoint site. We
recommend that you schedule time when both the SharePoint administrator and the
SAP administrator are available. In addition to the items listed in this
article, you need to review all hardware and software requirements for Duet
Enterprise 2.0 Preview and also for all Windows, SQL Server, and SharePoint
Server computers that are used for this deployment.
The overall installation and configuration process will
proceed in the following order:
We recommend that you obtain and record this information
before you begin your deployment. We have provided the following deployment
reference table that lists the names of the accounts and service applications
described in the Duet Enterprise 2.0 Preview install and configure process.
The Name
as documented
column in this table contains the names of the items you are tracking while
deploying Duet Enterprise. These are the names that are referred to throughout
this guide. The Name used column is for your use to record the names of these
items.
·
Table: Deployment reference for Duet Enterprise 2.0
|
Name as documented
|
Name used
|
|
|
|
|
Secure Store Service Application
|
|
|
EndPoint URL: MetadataURL
|
|
|
EndPoint URL: LsiUrl
|
|
|
Business Data Connectivity Service Application
|
|
|
User Profile Service Application
|
|
|
Certificate: SharePoint SSL
|
|
|
Certificate : SAP SSL
|
|
|
Certificate : Duet Root
|
|
|
Security Account: Duet Admin
|
|
|
Security Account: DuetPublisher
|
|
|
Web Application: DuetEnt
|
|
|
Web Application (Extended): DuetEntEx:443
|
|
|
Site Collection: sites/DuetEnterprise2
|
|
|
Site Collection: Blank Site Template
|
|
|
Site: DuetReportingandWorkflow
|
|
|
Site: Blank Site Template
|
|
In this article:
·
Endpoint URL requirements
Endpoint URLs are URL links that point the SharePoint Server
system to specific endpoints in the SAP system and are bound to each imported
Business Data Connectivity (BDC) model. These URLs must be obtained from the
SAP administrator for each BDC model that you import. There are two URLs for
each model:
·
LsiUrl This is the service URL
with which SAP exposes data for a particular feature.
·
MetadataURL This will be automatically
be picked up by the LsiUrl when the command is run.
·
Certificate requirements
You need three certificates to help secure Duet Enterprise
2.0 Preview communications between clients and the server and between the
servers running SharePoint and SAP. These certificates are created during the
Duet Enterprise 2.0 Preview installation process on both the SharePoint and SAP
systems.
·
DuetRoot.pfx Created when you configure
a root certificate by using the DuetConfig.exe
–createselfsignedcertificate
command. This certificate is used to create user certificates that are sent to
SAP along with end-user requests. The process for creating this certificate
must be completed in the following order:
1. Create the certificate as a .pfx file.
2. Configure the certificate. This includes
storing it in the Secure Store Service Application.
3. Export the certificate as a .cer file. This
is necessary because SAP systems accept certificates in .cer file format only.
4. Share the .cer file with the SAP
administrator. The SAP administrator will create a trust relationship for this
certificate.
·
SharePointSSL.cer Secures server requests
for calls from SAP to SharePoint. This certificate is created on the SharePoint
system by using Internet Information Services (IIS) Manager, exported by using
the Microsoft Management Console, and shared with the SAP administrator to be
trusted in the SAP system.
·
SAPSSL.cer Secures server requests
for calls from SharePoint to SAP. This certificate is created on the SAP system
and shared with the SharePoint administrator to be trusted in the SharePoint
system.
·
Active Directory account
requirements
Two Active Directory Domain Services (AD DS) accounts
are required to install Duet Enterprise 2.0 Preview, as shown in the following
table.
·
Table: Domain accounts required to install Duet Enterprise 2.0
|
Account
|
Purpose
|
Requirements
|
|
DuetAdmin
|
·
Runs
Setup.exe
·
Runs
DuetConfig.exe commands
|
·
A
member of the Windows Administrators group on the computer that is running
SharePoint Server 2013 Preview.
·
A
member of the Farm Administrators group on the SharePoint Server farm on
which you are installing Duet Enterprise 2.0 Preview.
·
Full
Control permissions on the User Profile service application is required to
configure RoleSync by using the DuetConfig.exe
–configurerolesync command.
|
|
|
|
|
|
DuetPublisher
|
Used by the SAP system to connect to the SharePoint system
for pushing reports and workflow notifications.
|
No permissions need to be set on the SharePoint Server
2013 Preview farm for this account.
You must give the name of this account to the SAP
administrator.
|
·
Hardware and software requirements for Duet
Enterprise for Microsoft SharePoint and SAP Server 2.0 Preview
This article describes hardware,
software, user account, service account, services, and Duet Enterprise for
Microsoft SharePoint and SAP Server 2.0 Preview-specific requirements.
In this article:
·
Basic hardware and software
requirements
Duet Enterprise 2.0 Preview requires SharePoint Server 2013
Preview. All other hardware and software requirements are the same as for
SharePoint Server 2013 Preview. For more information, see Hardware and software requirements
(SharePoint 2013 Preview).
·
Topology requirements
All SharePoint farm topologies and architectures that are
supported in SharePoint Server 2013 Preview are supported by Duet Enterprise
2.0 Preview. These deployment procedures describe only the processes required
to install Duet Enterprise 2.0 Preview on a single computer. For more
information, see Design server farms and topologies (SharePoint
2013 Preview).
·
Browser requirements
Duet Enterprise 2.0 Preview supports the same browsers as
SharePoint Server 2013 Preview. For more information, see Plan browser support (SharePoint 2013
Preview).
·
Office client application requirements
Office client integration with Duet Enterprise 2.0 Preview
requires Office Professional Plus 2013 Preview. The installation of Office 2013
Preview must not be a click-to-install version because Microsoft Business
Connectivity Services does not support Click-to-Run.
·
Service and service application
requirements
The following SharePoint service applications must be
configured and active in SharePoint Server 2013 Preview before you install Duet
Enterprise 2.0 Preview.
·
Business Data Connectivity
service Application This
service application lets you connect SharePoint Server 2013 Preview solutions
to sources of external data and to define external content types that are based
on that external data.
·
State Service This service application
is used for the Duet Enterprise 2.0 Preview Workflow solution.
·
Security Token Service
Application This
service application is used for internal claims security.
·
Secure Store Service
Application This
service application stores end-user’s credentials in a client certificate used
to authenticate the user on the SAP NetWeaver Gateway 2.0.
·
User Profile Service Application This service application
is required for the role synchronization feature of Duet Enterprise 2.0
Preview.
This article describes how to
prepare a SharePoint Server 2013 Preview environment to host Duet Enterprise
for Microsoft SharePoint and SAP Server 2.0 Preview. It includes all the
necessary procedures provided in the order in which they must be performed.
Where necessary, Duet Enterprise 2.0 Preview specific steps are included. In
all other cases, the procedures are the same as those for SharePoint Server
2013 Preview.
In this article:
·
Before you begin
Before you perform any of the following procedures, read the
following Duet Enterprise 2.0 Preview installation and configuration articles
in the order listed. We recommend that you do not continue until you read these
articles.
Because SharePoint 2013 Preview runs websites in Internet
Information Services (IIS), administrators and users depend on the
accessibility features that browsers provide. SharePoint 2013 Preview supports
the accessibility features of supported browsers. For more information, see the
following resources:
·
Create a new web application for
Duet Enterprise 2.0
Duet Enterprise 2.0 Preview requires at least one web
application. This web application is used to host one or more sites that
surface information from SAP. Use the following procedure to create a new web
application for Duet Enterprise 2.0 Preview.
To create a new web application
for Duet Enterprise 2.0
1.
Verify
that you have the following administrative credentials: Farm Administrators
SharePoint group.
2.
On the
SharePoint Central Administration website, in the Application
Management section, click Manage Web applications.
3.
On the Web Applications Management page, on the ribbon, click New. The Create new Web
Application window opens.
4.
In the Create New Web Application window, in the IIS Web Site section, select the following:
·
Select Create a new IIS website.
·
Leave Port default, and
record the port number. This will be used later for configuring alternate
access mapping.
·
Leave Host Header default
(blank).
·
Leave Path default.
5.
In the Security Configuration
section, select the following:
·
Leave Allow Anonymous
default (No).
·
Leave Use Secure Sockets Layer (SSL) default (No).
6.
In all
other sections, leave all selections as the default.
7.
Click OK to create the new
web application. A progress window is displayed. When complete, the progress
window closes and the web application that you created appears on the Web Applications
page.
·
Extend the web application in
Duet Enterprise 2.0
Use this procedure to extend the web application to create a
SSL-enabled web application that will be used for secure transactions between
the SharePoint system and the SAP system.
To extend the web application in
Duet Enterprise 2.0
1.
Verify
that you have the following administrative credentials: Farm Administrators
SharePoint group.
2.
In
Central Administration, in the Application Management section, click Manage
Web applications.
3.
On the Web Applications Management page, select the new web application that you created. In the Ribbon,
click Extend. The Extend Web Application to Another IIS Web
Site window opens.
4.
In the IIS Web Site
section, leave all settings as the default.
5.
In the Security Configuration
section, for Use Secure Sockets Layer (SSL), select YES.
6.
In the Claims Authentication Types section, select Basic authentication
(credentials are sent in clear text).
7.
In the Public URL section,
the URL for this web application is shown in the URL box. Record this URL and
add the required fully qualified domain information to it. Then send this full
URL to the SAP administrator. This full URL should be in this format: https:// servername.domain.com:portnumber. The SAP administrator will need this full URL when the SAP
administrator configures an RFC Destination to send workflows and reports from
SAP to SharePoint.
8.
Leave
all other settings as the default, and then click OK to extend the web application.
9.
The Extend Web Application to Another IIS Web Site window closes and the new web application
is extended. No visual confirmation is provided.
·
Create and manage the SharePoint
SSL certificate
After extending the new web application that you created,
you must create an SSL certificate and bind that certificate to the extended
web application. This certificate is named the SharePointSSL.cer certificate.
Once created and bound in to the extended web application in SharePoint, you
will export it and share it with the SAP administrator who imports it into the
SAP system. The procedures for this are as follows:
1.
Create
the SharePointSSL.pfx certificate.
2.
Bind
the SharePointSSL.pfx certificate to the extended web application.
3.
Export
the SharePointSSL certificate as a .cer file to your local file system.
4.
Share
the SharePointSSL.cer certificate with the SAP administrator.
·
Create the SharePointSSL.pfx
certificate and export the SharePointSSL.cer certificate
This is the first of four SharePointSSL certificate
management procedures. The SharePointSSL.cer certificate is created by using
IIS Manager (inetmgr). This certificate will be bound to the extended web
application that you just created and used to help secure communications between
the SharePoint and SAP systems.
To create the SharePointSSL.cer
certificate
1.
Verify
that you have the following administrative credentials: Farm Administrators
SharePoint group and a member of the Windows Administrators group on the server
where this procedure is run.
2.
Click Start, and then
click Run.
3.
In the Run text box, type: inetmgr, and then
click OK.
Internet Information Services (IIS) Manager opens.
4.
Under Connections, expand
the tree node next to the host computer.
5.
Expand
the Sites
node and confirm that the new web application and the SSL-enabled extended web
application are displayed under the Sites node.
6.
In the Connections section,
select the host computer. The ASP.Net, IIS, and Management sections display for this computer.
7.
Select Server Certificates.
The Server Certificates section is displayed.
8.
In the Actions section,
select Create Self Signed Certificate.
9.
The Create Self Signed Certificate wizard opens.
10. In the Specify a
friendly name for the certificate
field, type SharePointSSL, and then click OK. The SharePointSSL.cer certificate is
created and the Create Self Signed Certificate Wizard closes.
11. The SharePointSSL certificate is displayed
in the Server Certificates section.
·
Bind the SharePointSSL.cer
certificate to the extended web application
This is the second of four SharePointSSL certificate
management procedures. The SharePointSSL.cer certificate is bound to the
extended web application that you created by using IIS Manager (inetmgr).
To bind the SharePointSSL.cer
certificate to the extended web application
1.
Verify
that you have the following administrative credentials: Farm Administrators
SharePoint group and a member of the Windows Administrators group on the server
where this procedure is run.
2.
In IIS
Manager, in the Connections section, select the extended web
application that you created, and then in the Actions section, click Bindings.
3.
The Site Bindings window
opens. Select Edit.
4.
In the Edit Site Binding
window, in the SSL certificate section, in the drop-down list, select SharePoint SSL, and
then click Close.
5.
The
SharePointSSL certificate is now bound to the extended web application.
·
Export the SharePointSSL.cer
certificate
This is the third of four SharePointSSL certificate
management procedures. The SharePointSSL.cer certificate is exported so that it
can be shared with the SAP administrator. This process is completed by using
IIS Manager.
To export the SharePointSSL.cer
certificate
1.
Verify
that you have the following administrative credentials: Farm Administrators
SharePoint group and a member of the Windows Administrators group on the server
where this procedure is run.
2.
Open
the Microsoft Management Console (MMC) by clicking Start, select Run, and then type MMC in the Run box.
3.
The MMC
opens as Console 1.
4.
Select File, and then click
Add/Remove Snap-in. The Add or Remove Snap-ins window opens.
5.
In the Add or Remove Snap-ins
window, select Certificates.
6.
In the Certificates Snap-in
window, select Computer account, and then click Next.
7.
In the Select Computer
window, leave all settings default, and then click Finish. The Certificates
Snap-in window closes and
certificates are displayed in the Add or remove
Snap-ins window in the Selected Snap-ins
section.
8.
Click OK. The Add or Remove Snap-ins
window closes and Certificates (Local Computer) are displayed in the MMC tree.
9.
In the
MMC tree, expand Certificates (Local Computer).
10. Expand the Personal node, and then select Certificates. The
SharePoint SSL certificate will be displayed as a self-signed certificate where
the Issued To and Issued By fields are the same and both display the name of the host computer as
seen in IIS Manager.
11. Select the SharePointSSL certificate that
displays the same Issued To and Issued By information.
12. The Certificate Export Wizard opens.
13. Click Next. The Export Private
Key page is displayed. Leave
all settings as the default.
14. Click Next. The Export File
Format page is displayed. Leave
all settings as the default.
15. Click Next. The File to Export page is displayed. Select Browse to select a
location to export the file. The Save As dialog opens. Choose somewhere easy to
access and remember.
16. In the Save As dialog after you have selected a location,
in the File name field, type SharePoint SSL, and then click Save. The Save As dialog closes and the Certificate Export Wizard, File to Export page is displayed with the path and name of
the certificate populated in the File name field.
17. Click Next. The Completing the Certificate Export
Wizard displays and lists all the information that was selected during the
export process.
18. Click Finish to export the SharePointSSL.cer
certificate. The Certificate Export Wizard success dialog box displays the following message:
The export was successful.
19. Click OK. The Certificate Export Wizard closes. You
have exported the SharePointSSL.cer certificate to the location that you chose.
·
Create an alternate access mapping
The web application that you created earlier must be
available by using the URL that is specified in the SSL certificate that you
bound to that web application. This is because the web application was not
created by using the fully qualified domain name (FQDN) but the certificate
uses the FQDN. You must create an alternate access mapping to specify the URL
that is listed in the certificate.
An example of an FQDN is http://server.contoso.corp.com:3000.
In this example, the short URL would be http://contoso:3000.
To complete this procedure, you must know the port number
that you assigned to the extended web application and the fully qualified
domain name in the certificate that you created. You recorded the port number
of the extended web application earlier. You can view the FQDN by
double-clicking the SharePointSSL.cer file in Windows Explorer.
To create an alternate access
mapping
1.
In
Central Administration, on the Quick Launch, click System
Settings.
2.
In the Farm Management
section, click Configure alternate access mappings.
3.
On the Alternate Access Mappings page, ensure that the web application to which you are configuring for
Duet Enterprise 2.0 is listed in the Alternate Access
Mapping Collection row on the
top-right corner of the page. If this web application is not the web
application that you are configuring for Duet Enterprise 2.0 Preview, click the
drop-down arrow, click Change Alternate Access Mapping
Collection, and then select the
web application that you want to configure from the list.
4.
On the Alternate Access Mappings page, click Add Internal URLs.
5.
In the Add Internal URL
section, do the following:
a)
In the URL protocol, host and port box, type the FQDN for the URL of the extended port. This URL should be
in the form of https://west.contoso.corp.com:3000.
b)
In the Zone list, select
the zone that you want to use for this URL.
This is the name of the zone that you selected when you
extended the web application in the previous procedure.
6.
Click Save.
The alternate access mapping
that you created appears on the Alternate Access Mappings page.
·
Share the SharePointSSL.cer
certificate with the SAP administrator
This is the final of four SharePointSSL certificate
management procedures. The SharePointSSL.cer certificate is now created, bound,
and exported from the SharePoint system. It must now be given to the SAP
administrator who will use SAP trust manager to trust the certificate in the
SAP system.
1.
Either
share the location where the SharePointSSL.cer certificate is on the host
computer file system, or transfer the file to an SAP host computer according to
the SAP administrator’s instructions.
2.
When
the SharePointSSL.cer is successfully transferred to the SAP administrator, you
are ready to continue with the installation Duet Enterprise 2.0 Preview on your
host computer.
The articles in this section
describe how to install and configure Duet Enterprise for Microsoft SharePoint
and SAP Server 2.0 Preview on servers that are running SharePoint Server 2013
Preview. Additional configuration is required in the SAP environment to create
a complete and functioning deployment of Duet Enterprise 2.0 Preview. For
information about the steps that are required to configure Duet Enterprise 2.0
Preview in the SAP environment, see Duet Enterprise SAP Deployment Guide on the SAP Support Portal website.
The process to install Duet Enterprise 2.0 Preview has five
stages. These five stages use a combination of the user interface in the
SharePoint Central Administration website and the Windows command line. Each of
the five stages of the Duet Enterprise 2.0 Preview deployment has specific
steps that must be performed.
In this section:
·
Stage 1: Install binary files in Duet
Enterprise for SharePoint and SAP Server 2.0 Preview The Duet Enterprise 2.0
Preview binary files are copied from the installation source to the host
computer by the SharePoint administrator.
·
Stage 2: Install, configure, and register
Duet Enterprise for Microsoft SharePoint and SAP Server 2.0 Preview Duet Enterprise 2.0
Preview is installed and configured by using the DuetConfig.exe
–install command.
·
Stage 3: Create a master key for Duet
Enterprise for SharePoint and SAP Server 2.0 Preview A master key is created in
the Secure Store Service application for use with Duet Enterprise 2.0 Preview.
·
Stage 4: Manage DuetRoot certificates in
Duet Enterprise for SharePoint and SAP Server 2.0 Preview The SharePoint
administrator creates, configures, exports, and shares the DuetRoot certificate
with the SAP administrator.
·
Stage 5: Configure a trust relationship between
SharePoint and SAP The
SharePoint administrator performs additional security configuration between the
SharePoint and SAP systems.
These procedures must be completed in the order listed.
·
Before you begin
Make sure that you have all the needed information from your
SAP administrator before you begin these procedures. This includes the
following:
·
LsiUrl
– Links the SAP system to the SharePoint system. Required for importing models.
·
MetadataURL
– Links the SAP system to the SharePoint system. Required for importing models.
·
All
user accounts created in Active Directory and ready to use in the SharePoint
system.
·
All
services and service accounts turned on and created.
·
All web
applications created and extended for Duet Enterprise 2.0 Preview.
·
The
SharePointSSL certificate created, bound, exported, and shared with the SAP
administrator.
·
The
SAPSSL certificate created, trusted (on the SAP system), exported, and shared
with the SharePoint administrator.
This article describes the
procedure to install binary files in Duet Enterprise for Microsoft SharePoint
and SAP Server 2.0 Preview. This is stage one in an installation of Duet
Enterprise 2.0 Preview.
·
Install Duet Enterprise 2.0 binary files
Use this procedure to copy files from an installation point
to the front-end web server that will host Duet Enterprise 2.0 Preview.
To install Duet Enterprise 2.0
binary files
1.
Verify
that you have the following administrative credentials: Windows Administrators
group on the front-end web server that is running SharePoint Server 2013
Preview.
2.
As
administrator, open a Windows Command Prompt window.
3.
At the
command prompt, type cd:\directory\, where directory is the local or network location of the
Duet Enterprise setup files.
4.
From
the installation location of the Duet Enterprise 2.0 Preview files, type the
following command, and then press ENTER:
setup.exe /install
The Duet Enterprise 2.0 Technical Preview for Microsoft
SharePoint and SAP license agreement is displayed.
5.
On the Duet Enterprise 2.0 Technical Preview for Microsoft SharePoint and
SAP license agreement page,
select the I accept the terms in the license agreement check box, and then click Install.
6.
When
complete, you receive the following message: Duet
Enterprise setup completed successfully.
7.
The
Duet Enterprise 2.0 Preview binary files are now copied to the host computer.
·
Verification
Verify that the following files and folders are created in
the default directory path C:\Program Files\DuetEnterprise\2.0.
·
BDC
Models (Folder)
·
Solutions
(Folder)
·
DuetConfig.exe
·
DuetConfig.Intl.dll
·
OBA.Server.Logging.Resources.dll
·
Stage 2: Install, configure, and register
Duet Enterprise for Microsoft SharePoint and SAP Server 2.0 Preview
This article describes the
installation and configuration of Duet Enterprise for Microsoft SharePoint and
SAP Server 2.0 Preview. After this procedure is complete, additional
configuration is necessary.
·
Install, configure, and register Duet Enterprise 2.0
Use this procedure to perform a basic deployment
configuration of Duet Enterprise 2.0 Preview and to create a target application
in the default Secure Store Service service application. This procedure assumes
that you are still logged on to the same host computer with the same
administrative account that you chose to use for all processes and services.
Before you perform the following procedure, verify that the account that you
will use to run DuetConfig.exe is both a member of the Farm Administrators
SharePoint group and is granted Full Control permissions on the User Profile
service application.
To install, configure, and
register Duet Enterprise 2.0
1.
Log on
to the host server as a member of the Farm Administrators group.
2.
Click Start, click All Programs, and
then click Accessories.
3.
Right-click
the command prompt, and then click Run as administrator.
4.
At the
command prompt, navigate to the folder that contains the DuetConfig.exe file.
By default, this is the C:\Program files\Duet Enterprise\2.0\ folder.
5.
At the
command prompt, type the following command, and then press ENTER:
DuetConfig -install
6.
When
DuetConfig.exe is complete, at the command prompt, you receive the following
messages:
·
Successfully registered the
diagnostic service
·
Successfully installed all
features
·
Successfully registered health
rules
·
Successfully installed help
files
·
Successfully configured Duet
Enterprise
7.
The
Duet Enterprise 2.0 Preview files are now configured and you are ready to
create a master key.
This article describes the
procedure to create a master key for the Secure Store Service in Duet
Enterprise for Microsoft SharePoint and SAP Server 2.0 Preview.
A master key allows secure communications between SharePoint
Server 2013 Preview and SAP. Specifically, the communication is between the
Secure Store Service service application and the SAP NetWeaver server.
For more information about how to create a master key and
configure the Secure Store, see Configure Secure Store in Configure the Secure Store Service in
SharePoint 2013 Preview.
·
Create a master key
A master key is required to successfully configure the
DuetRoot.pfx certificate. Use this procedure to generate a new master key.
To create a master key
1.
Verify
that you have the following administrative credentials: Windows Administrators
group on the front-end web server that is running SharePoint Server 2013
Preview to complete this procedure. You must also be a member of the Farm
Administrators group on the SharePoint Server farm on which you are installing
Duet Enterprise 2.0 Preview.
2.
On the
SharePoint Central Administration website, click Application
Management.
3.
On the Application Management
page, click Manage service applications.
4.
On the Manage Service Applications page, scroll down the list of service applications, and then select Secure Store service application.
5.
On the Secure Store Service Application page, click Generate New Key. The Generate New
Key window opens.
6.
Type a
pass phrase in the Pass Phrase and Confirm Pass
Phrase boxes, and then click OK. Record this pass
phrase.
7.
A new
master key is created.
·
Stage 4: Manage DuetRoot certificates in
Duet Enterprise for SharePoint and SAP Server 2.0 Preview
This article describes the
procedure to manage the DuetRoot.pfx and DuetRoot.cer certificates in Duet
Enterprise for Microsoft SharePoint and SAP Server 2.0 Preview.
In this article:
·
Create the DuetRoot.pfx self-signed certificate and target
application in the Secure Store service application
Create a self-signed root certificate by using the DuetConfig.exe
-CreateSelfSignedCertificate command. Use this procedure if you want to create a
self-signed certificate. This procedure creates a self-signed certificate that
is issued by the Duet Root Certificate Authority and stores the certificate in
the Secure Store Service service application named “DuetApp.”
To create the DuetRoot.pfx
self-signed certificate and target application in the Secure Store service
application
1.
As
administrator, open a Windows Command Prompt window.
2.
At the
command prompt, navigate to the folder that contains the DuetConfig.exe file.
By default, this is the C:\Program files\Duet Enterprise\2.0\ folder.
3.
At the
command prompt, type the following command, and then press ENTER:
DuetConfig – CreateSelfSignedCertificate –Path
c:\DuetRoot.pfx –Password
(If no password is given here,
you are prompted to enter one after you press ENTER. If that occurs, enter a
password and press ENTER again.) Record this password.
4.
At the
command prompt, you receive the following message: Certificate
“c:\DuetRoot.pfx” has been generated successfully.
5.
The
Duet Enterprise Root certificate is now created and is ready to be configured
for use with the Secure Store Service service application.
6.
You are
now ready configure the DuetRoot.pfx certificate and create a target
application with it in the Secure Store Service service application.
·
Configure the DuetRoot.pfx certificate
Use this procedure to configure the DuetRoot.pfx certificate
and create a target application in the Secure Store Service service
application.
To configure the DuetRoot.pfx
certificate
1.
As
administrator, open a Windows Command Prompt window.
2.
At the
command prompt, navigate to the folder that contains the DuetConfig.exe file.
By default, this is the C:\Program files\Duet Enterprise\2.0\ folder.
3.
At the
command prompt, type the following command, and then press ENTER:
DuetConfig.exe –ConfigureRootCertificate
–SecureStoreServiceApplicationName <Name of Secure Store Service
Application> -Path <Root Certificate file path> [Password you used
when you created theDuetRoot.pfx file]
4.
At the
command prompt, you receive the following message: Duet
Root certificate has been configured in SecureStore with target application
name DuetApp.
5.
For
verification, navigate to the Secure Store Service service application page and
confirm that the target application DuetApp is shown.
·
Export the DuetRoot.pfx certificate as DuetRoot.cer
Use this procedure to export the client certificate that you
created and configured. After exporting the DuetRoot.pfx certificate as
DuetRoot.cer, you must give it to the SAP administrator.
To export the client certificate
1.
As
administrator, open a Windows Command Prompt window.
2.
At the
command prompt, navigate to the folder that contains the DuetConfig.exe file.
By default, this is the C:\Program files\Duet Enterprise\2.0\ folder.
3.
At the
command prompt, type the following command, and then press ENTER:
DuetConfig –ExportRootCertificate –Path c:\DuetRoot.cer
4.
At the
command prompt, you receive the following message: Root
certificate for Duet is exported successfully to file c:\DuetRoot.cer.
·
Share the DuetRoot.cer with the SAP administrator
When the DuetRoot.cer certificate is successfully exported,
you need to share it with the SAP administrator.
In the path C:\ there are two DuetRoot certificates. One is
listed as type: Security Certificate and one is listed as type: Personal
Information. The DuetRoot.pfx is listed as type: Personal Information and the
DuetRoot.cer is listed as type: Security Certificate. You will give the
DuetRoot.cer certificate that is listed as type: Security Certificate to the
SAP administrator.
Give the DuetRoot.cer certificate (type: Security
Certificate) file to the SAP administrator.
This article describes how to
configure a trust relationship between SharePoint and SAP for Duet Enterprise
for Microsoft SharePoint and SAP Server 2.0 Preview.
·
Configure a trust relationship between SharePoint and SAP environments
For the SSL-enabled web application to accept information
from the SAP environment, you must establish a trust relationship with the
SAPSSL certificate that is provided by the SAP administrator.
To configure a trust
relationship between SharePoint and SAP environments
1.
Verify
that you have the following administrative credentials: Windows Administrators
group on the front-end web server that is running SharePoint Server 2013
Preview to complete this procedure. You must also be a member of the Farm Administrators
group on the SharePoint Server farm on which you are installing Duet Enterprise
2.0 Preview.
2.
On the
SharePoint Central Administration website, click Security.
3.
In the General Security
section, click Manage trust.
4.
On the
ribbon, click New.
5.
In the Establish Trust Relationship window, in the Name box, type a name for this trust
relationship.
6.
In the Root Authority Certificate box, use the Browse button to select the certificate that was
provided by the SAP administrator for establishing the SSL connection.
7.
Leave
all other settings as the default, and then click OK. The Establish
Trust Relationship window
closes and the new trust relationship is displayed on the Trust Relationships
page.
You are now ready to import the
Workflow, Reporting, and RoleSync models.
Before importing any Business
Data Connectivity (BDC) models, you will need the LsiUrl and MetadataUrl from
the SAP administrator for each of the following BDC models to use when
DuetConfig.exe is run and the models are imported. You must configure a Duet
publishing URL and account. You must grant users permissions on the BDC models
that you import before they can access the SAP data that those models
represent.
In this article:
·
Import BDC models and set Metadata Store permissions
The following models are provided with Duet Enterprise 2.0
Preview and are installed in this default directory path: C:\Program Files\Duet
Enterprise\2.0\BDC Models. This directory contains other models that are
installed by default and are not used as part of this deployment.
·
Workflow
·
UserSubscription
·
Reporting
·
RoleSync
Each of these models must be imported individually because
the procedures to import them are not the same. Use the following procedures to
import each of the Reporting, Workflow, and RoleSync BDC models.
·
Import the Reporting model
The Reporting BDC model is imported into Duet Enterprise 2.0
Preview by using the DuetConfig.exe
–importbdc
command. It requires both an LsiUrl and MetadataUrl to import successfully. Use
the following procedure to import the Reporting BDC model.
To import the Reporting model
1.
Verify
that you have the following administrative credentials: Windows Administrators
group on the front-end web server that is running SharePoint Server 2013
Preview to complete this procedure. You must also be a member of the Farm
Administrators group on the SharePoint Server farm on which you are installing
Duet Enterprise 2.0 Preview.
2.
As
administrator, open the Windows command prompt.
3.
At the
command prompt, type the default path of the DuetConfig.exe file: cd /d C:\Program Files\Duet Enterprise\2.0.
4.
At the
command prompt, type the following command, and then press ENTER:
Duetconfig.exe -importbdc -featurename <FeatureName>
-BdcServiceApplication <BDC Service Application> -lsiurl <LsiUrl>
-metadataUrl <MetadataUrl>
Where:
·
<featurename> equals the name of the BDC model that you
want to import.
·
<BDC Service
Application> equals the BDC
Service application name.
·
<LsiUrl> is the LsiUrl URL that is provided to you
by the SAP administrator that matches the BDC model that you want to import.
·
(optional)
<MetadataUrl> is the metadata URL that is provided to you by the SAP administrator
that matches the BDC model that you want to import.
5.
When
complete, at the command prompt, you receive the following message: The specified BDC model was successfully imported.
·
Import the Workflow model
The Workflow BDC model is imported into Duet Enterprise 2.0
Preview by using the DuetConfig.exe
–importbdc
command. It requires both an LsiUrl and MetadataUrl to import successfully. It
also requires an additional parameter named UserSubLsiUrl. This UserSubLsiUrl
is used for the UserSubscription model, an additional model only imported
together with the workflow model. The UserSubscription model allows users to
subscribe to workflow tasks on individual Duet Enterprise 2.0 Preview workflow
sites. Use the following procedure to import the Workflow and UserSubscription
BDC models.
To import the Workflow model
1.
Verify
that you have the following administrative credentials: Windows Administrators
group on the front-end web server that is running SharePoint Server 2013
Preview to complete this procedure. You must also be a member of the Farm
Administrators group on the SharePoint Server farm on which you are installing
Duet Enterprise 2.0 Preview.
2.
As
administrator, open the Windows command prompt.
3.
At the
command prompt, type the default path of the DuetConfig.exe file: cd /d C:\Program Files\Duet Enterprise\2.0.
4.
At the
command prompt, type the following command, and then press ENTER:
Duetconfig.exe -importbdc -featurename <FeatureName>
-BdcServiceApplication <BDC Service Application> -lsiurl <LsiUrl>
-usersubLisurl <UserSubLsiUrl> -metadataUrl <MetadataUrl>
Where:
·
<featurename> equals the name of the BDC model that you
want to import.
·
<BDC Service
Application> equals the BDC
Service application name.
·
<LsiUrl> is the LsiUrl URL that is provided to you
by the SAP administrator that matches the BDC model that you want to import.
·
<UserSubLsiUrl> is the UserSubLsiUrl URL that is provided
to you by the SAP administrator.
·
<MetadataUrl> is the metadata URL that is provided to you
by the SAP administrator that matches the BDC model that you want to import.
The URL is appended to the end of the MetadataUrl provided by the SAP
administrator.
5.
When
complete, at the command prompt, you receive the following message: The specified BDC model was successfully imported.
·
Import and configure the RoleSync model
The RoleSync BDC model is imported into Duet Enterprise 2.0
Preview by using the DuetConfig.exe
–importbdc
command. It requires both an LsiUrl and MetadataUrl to import successfully. Use
the following procedure to import the RoleSync BDC model. After the model is
imported, it must be configured to start the required timer jobs.
To import the RoleSync model
1.
Verify
that you have the following administrative credentials: Windows Administrators
group on the front-end web server that is running SharePoint Server 2013
Preview to complete this procedure. You must also be a member of the Farm
Administrators group on the SharePoint Server farm on which you are installing
Duet Enterprise 2.0 Preview.
2.
As
administrator, open the Windows command prompt.
3.
At the
command prompt, type the default path of the DuetConfig.exe file: cd /d C:\Program Files\Duet Enterprise\2.0.
4.
At the
command prompt, type the following command, and then press ENTER:
Duetconfig.exe -importbdc -featurename <FeatureName>
-BdcServiceApplication <BDC Service Application> -lsiurl <LsiUrl>
-metadataUrl <MetadataUrl>
Where:
·
<featurename> equals the name of the BDC model that you
want to import.
·
<BDC Service
Application> equals the BDC
Service application name.
·
<LsiUrl> is the LsiUrl URL that is provided to you
by the SAP administrator that matches the BDC model that you want to import.
·
<MetadataUrl> is the metadata URL that is provided to you
by the SAP administrator that matches the BDC model that you want to import.
The URL is appended to the end of the MetadataUrl provided by the SAP
administrator.
5.
When
complete, at the command prompt, you receive the following message: The specified BDC model was successfully imported.
To configure the RoleSync model
1.
Verify
that you have the following administrative credentials: Windows Administrators
group on the front-end web server that is running SharePoint Server 2013
Preview to complete this procedure. You must also be a member of the Farm
Administrators group on the SharePoint Server farm on which you are installing
Duet Enterprise 2.0 Preview.
2.
As
administrator, open the Windows command prompt.
3.
At the
command prompt, type the default path of the DuetConfig.exe file: cd /d C:\Program Files\Duet Enterprise\2.0.
4.
At the
command prompt, type the following command, and then press ENTER:
DuetConfig.exe –ConfigureRoleSync
–UserProfileServiceApplicationName <”User Profile Service Application
Name”>
Where <”User Profile Service Application Name”> equals the name of the User
Profile service application.
5.
At the
command prompt, you receive the following message: The
specified Profile Synchronization Job was successfully configured.
6.
The
timer job for RoleSync is now created.
·
Configure the publishing URL and
account
Use this procedure to configure the properties required to
enable the SAP system to publish reports and workflows to a specific web
application that you want to enable for use with Duet Enterprise 2.0 Preview.
To complete this procedure, you must know the following:
·
The URL
of the web application that you are configuring.
·
The
port number of the extended port on the web application that you are
configuring.
·
The
account that the SAP system will use to publish reports and workflows to the
web application that you are configuring.
To configure the publishing URL
and account
1.
Verify
that you have the following administrative credentials: Windows Administrators
group on the front-end web server that is running SharePoint Server 2013
Preview to complete this procedure. You must also be a member of the Farm
Administrators group on the SharePoint Server farm on which you are configuring
Duet Enterprise 2.0 Preview.
2.
As
administrator, open the Windows command prompt.
3.
At the
command prompt, type the default path of the DuetConfig.exe file: cd /d C:\Program Files\Duet Enterprise\2.0.
4.
At the
command prompt, type the following command, and then press ENTER:
duetconfig.exe –configurewebapp <Web Application URL>
–PublishingUrl <PublishingUrl> –PublisherAccount <domain\username>
Where:
·
<Web Application URL> equals the http:// URL of the new web
applications that you created.
·
<PublishingUrl> equals the https://servername:portnumber of
the extended web application that the SharePointSSL.cer certificate is bound
to.
·
<domain\username> equals the domain and user name of the
DuetPublisher account.
5.
At the
command prompt, you receive the following message: Successfully
configured Duet functionality on the Web Application https://WebApplicaitonURL.
·
Set Metadata Store permissions
Before you can verify the successful configuration and
connection between the SharePoint and SAP systems, you must configure Metadata
Store permissions.
To set Metadata Store
permissions
1.
Verify
that you have the following administrative credentials: Windows Administrators
group on the front-end web server that is running SharePoint Server 2013
Preview to complete this procedure. You must also be a member of the Farm
Administrators group on the SharePoint Server farm on which you are installing
Duet Enterprise 2.0 Preview.
2.
On the
SharePoint Central Administration website, click Application Management.
3.
In the Service Applications
section, click Manage service applications.
4.
On the Service applications
page, click BDCService.
5.
On the BDC models page, in
the View
section, in the External Content Types drop-down list, select BDC Models. The
following four imported models are displayed:
·
OBA.Server.Reporting
·
OBA.Server.RoleSync
·
OBA.Server.UserSubscription
·
OBA.Server.Workflow
6.
On the BDC Models page, use
Set Object Permissions and Set Metadata Store Permissions to set both object and Metadata Store
permissions for all models. All users who access these models will need
individual permissions to access content from these BDC models.
·
Set Object
Permissions: Execute, Selectable in Client, Edit, and Set Permissions. (For the
publisher account only all permissions are required. For all other accounts,
you can choose one or more permissions.)
·
Set
Metadata Store Permissions: Execute, Selectable in Client, Edit, and Set
Permissions. Make sure to select the Propagate permissions to all BDC models,
External Systems and External Content Types in the BDC Metadata Store. Doing so
will overwrite existing permissions. (For the publisher account, only all permissions
are required. For all other accounts, you can choose one or more permissions).
7.
You
might have to run IIS reset to allow these permissions to take effect.
8.
When
both the object and Metadata Store permissions are set, you can run Duet
Enterprise Configuration Check and validate that all required communication and
security checks are working and functional.
This article describes how to
verify the Duet Enterprise Configuration Check in Duet Enterprise for Microsoft
SharePoint and SAP Server 2.0 Preview.
·
Run the Duet Enterprise Configuration Check
Use this procedure to verify the configuration of Duet
Enterprise 2.0 Previewand to show the status of all imported models and
features.
To run the Duet Enterprise
Configuration Check
1.
Verify
that you have the following administrative credentials: Windows Administrators
group on the front-end web server that is running SharePoint Server 2013
Preview to complete this procedure. You must also be a member of the Farm
Administrators group on the SharePoint Server farm on which you are installing
Duet Enterprise 2.0 Preview.
2.
As
administrator, open a Windows Command Prompt window.
3.
At the
command prompt, ensure that the directory is the default install location for
Duet Enterprise 2.0: C:\Program Files\Duet Enterprise\2.0.
4.
At the
command prompt, type the following command, and then press ENTER:
duetconfig.exe –CheckConfiguration
5.
At the
command prompt, you receive the following message: Please
wait while the check configuration result is retrieved and written to the
output file. This operation can take several minutes to complete….
The CheckConfiguration result is
written to C:\Users\<useraccount>\AppData\Local\Temp\1\CheckConfigurationResult.xml,
where <useraccount> equals the name of the
publisher account specified when you configured the publishing URL and account.
6.
To view
this file, browse to the location shown at the command prompt, and then open
the CheckConfigurationResult.xml file in your XML-compatible web browser. You
will need to allow all scripts to run.
7.
On the Duet Enterprise Configuration Check page, the following information is displayed:
·
Overall Status This displays the overall
status of all security connections, models, and features. If all of these are
working correctly, the status column will display Success.
·
Farm-Scoped Features This displays the status
of RoleSync, Validate Root Authority Certificate, and Security. If all of these
are working correctly, the status column will show Success for each. Note that RoleSync will show as
failed until it is run for the first time. This is expected and does not
indicate a problem. Running RoleSync one time will change this fail to success.
·
Web Application-Scoped Features This displays the status
of Publishing Settings, Reporting, and Workflow. If all of these are working
correctly, the status column will show Success for each.
8.
If any
of these features, models, or items show as Failed in the status column, you can get more information
about the failure by clicking Diagnostic Checks in the failed component section.
9.
The
Duet Enterprise 2.0 Preview core installation and configuration is now
completed. Additional configuration is required to enable the features of the
four imported Business Data Connectivity (BDC) models: Reporting, Workflow,
UserSubscription, and RoleSync. For more information, see Configure solutions in Duet Enterprise for SharePoint and SAP Server 2.0
Preview.
Solutions for Duet Enterprise
for Microsoft SharePoint and SAP Server 2.0 Preview are configured at two
levels: the site collection level and the subsite level. Before any solutions
can be deployed, a new site collection must be created and then individual
subsites must be created for each solution. Use the following procedure to
create a new site collection, which will be later configured and new subsites
created to host the individual Duet Enterprise 2.0 Preview features of
Reporting and Workflow.
·
Create a new site collection
This site collection will serve as the foundation for all
subsites that will be created to host individual Duet Enterprise 2.0 Preview
features, such as Reporting and Workflow.
To create a new site collection
1.
Verify
that you have the following administrative credentials: Farm Administrators
SharePoint group and a member of the Windows Administrators group on the server
that is running the SharePoint Central Administration website.
2.
In
Central Administration, on the Application Management page, in the Site
Collections section, click Create Site Collections.
3.
On the Create a Site Collection page, in the Title and description section, in the Title field, enter a name for this new site
collection. Record this name.
4.
In the Template Selection
section, select Blank Site.
5.
In the Primary Site Collection Administrator section, in the User Name field, enter an account. Record this
account.
6.
Leave
all other settings as the default.
7.
Click OK. The new site
collection is created by using the blank template.
8.
Browse
to the newly created site collection by entering the URL into your web browser
address field. It should resemble the following: http://servername:portnumber.
9.
The new
site collection is displayed as a blank site.
·
Deploy a solution
Use the following procedures to deploy a Reporting,
Workflow, or RoleSync solution for Duet Enterprise 2.0 Preview:
The Reporting solution in Duet
Enterprise for Microsoft SharePoint and SAP Server 2.0 Preview must be
configured before it can be used by administrators or users. In earlier
procedures, you have imported the Reporting Business Data Connectivity (BDC)
model and have confirmed that it is functioning correctly. The following
procedures enable site collection and site-level features so that the Reporting
solution can be used.
In this article:
·
Enable the Reporting solution on the site collection
Duet Enterprise reporting requires the Duet Enterprise
Reports Content Types feature to be enabled in the site collection. This
feature is enabled for all subsites in the site collection.
To enable the Reporting solution
on the site collection
1.
Verify
that you have the following administrative credentials: Farm Administrators
SharePoint group and a member of the Windows Administrators group on the server
that is running the SharePoint Central Administration website.
2.
Browse
to the newly created site collection by entering the URL into your web browser
address field. It should resemble the following: http://servername:portnumber.
3.
The new
site collection is displayed as a blank site.
4.
On the
ribbon, select the Settings icon (the Settings icon resembles a gear), and then select Site Settings.
5.
On the Site Settings page,
in the Site Collection Administration section, select Site
Collection Features.
6.
On the Site Settings – Site Collection Features page, scroll down the list to find Duet Enterprise Reports Content Types.
7.
Click Activate next to Duet Enterprise Reports Content Types. The Duet Enterprise Reports Content Types feature is activated and is
displayed as Active.
8.
The
Duet Enterprise Reports Content Types feature is now enabled on the site
collection you created.
·
Create a new subsite and activate the Reporting solution
After you have created a new site collection, you must
create a new subsite to host Duet Enterprise Reporting and its features.
To create a new subsite and
activate the Reporting solution
1.
Verify
that you have the following administrative credentials: Farm Administrators
SharePoint group and a member of the Windows Administrators group on the server
that is running the SharePoint Central Administration website.
2.
Browse
to the new site collection that you created.
3.
Select Site Contents.
4.
On the Site Contents - New SharePoint Site page, in the Title and Description section, in the Title field, type Reporting.
5.
In the Template Selection
section, on the Collaboration tab, select Blank
Site.
6.
In the Navigation Inheritance
section, under Use the top link bar from the parent
site?, select Yes.
7.
Click Create. The new
blank subsite is created to host Duet Enterprise Reporting.
8.
The new
reporting subsite is displayed.
9.
On the
subsite page, on the ribbon, select the Settings icon (the Settings icon resembles a gear), and then select Site Settings.
10. On the Site Settings page, in the Site
Actions section, select Manage site features.
11. Scroll down the list to find Duet Enterprise Reporting.
12. Click Activate next to Duet
Enterprise Reporting. The Duet
Enterprise Reporting feature is activated and is displayed as Active.
13. The Duet Enterprise Reporting feature is now
active on the new subsite and its features are available for viewing and use.
14. You can view these features by viewing the
added items to the left navigation on the subsite. The newly added features are
displayed as the following:
·
Report Settings Shows the available report
types and templates. This can be used to run reports.
·
Reports Shows the current reports.
The Workflow solution in Duet
Enterprise for Microsoft SharePoint and SAP Server 2.0 Preview allows SAP
workflows to be transferred to the SharePoint system and trigger alerts and
messaging inside SharePoint sites and sent via email messages to users. The
Workflow solution is configured on a new subsite that you will create. This new
workflow subsite will host all of the different SAP task types.
·
Create a subsite and activate the Workflow solution
Use the following procedure to create a subsite to host the
Workflow feature in Duet Enterprise 2.0 Preview.
To create a subsite and activate
the Workflow solution
1.
Verify
that you have the following administrative credentials: Farm Administrators
SharePoint group and a member of the Windows Administrators group on the server
that is running the SharePoint Central Administration website.
2.
Browse
to the new site collection that you created.
3.
Select Site Contents.
4.
On the Site Contents page,
in the Subsites section, select New Subsite.
5.
On the Site Contents - New SharePoint Site page, in the Title and Description section, in the Title field, type Workflow.
6.
In the Web Site Address
section, in the URL name field, type Workflow.
7.
In the Template Selection
section, on the Collaboration tab, select Blank
Site.
8.
In the Navigation Inheritance
section, under Use the top link bar from the parent
site?, select Yes.
9.
Click Create. The new
blank subsite is created to host the Duet Enterprise Workflow.
10. The new workflow site is created and is
displayed.
11. On the new workflow site, in the ribbon,
select the Settings icon (the Settings icon resembles a gear), and then select Site Settings.
12. On the Site Settings page, in the Site
Actions section, select Manage site features.
13. Scroll down the list to find Duet Enterprise – SAP Workflow.
14. Click Activate next Duet
Enterprise – SAP Workflow. The
Duet Enterprise – SAP Workflow feature is activated and is displayed as Active.
15. On the new workflow site, in the ribbon,
select the Settings icon (the Settings icon resembles a gear), and then select Site Settings.
16. On the Site Settings page, a new section is displayed: SAP Workflow Configuration.
17. Duet Enterprise 2.0 Workflow is now
configured on the subsite and its features are available for viewing and use.
18. You can view these features by viewing the
added items in the SAP Workflow Configuration section on the Site
Settings page. These include
the following:
·
Grant
users access to SAP workflow tasks.
·
Configure
new SAP workflow task type.
·
Import
a preconfigured SAP Workflow template.
·
Diagnose
configuration problems.
The Role Synchronization
(RoleSync) solution provided with Duet Enterprise for Microsoft SharePoint and
SAP Server 2.0 Preview enables SharePoint administrators to synchronize the SAP
roles property that is stored in the SAP profile store with SharePoint user
profiles. After role synchronization is performed, users can use SharePoint
People Picker to grant permissions on any securable object in SharePoint, such
as sites, lists, and files. It also enhances the Reporting solution because
shared reports can only be shared by using SAP roles.
This article assumes the following:
·
An SAP
administrator has created the SAP-user-to-SAP-role mapping in the SAP system.
·
A
SharePoint administrator has started the User Profile Synchronization service
and has created a Profile synchronization connection to the Active Directory
Domain Services (AD DS) service that contains the user accounts that are
used by the SharePoint Server farm. For information about how to complete these
procedures, see Configure profile synchronization
(SharePoint 2013 Preview).
·
The
SharePoint administrator has synchronized the AD DS service with the
SharePoint user profile store. For more information, see Manage profile synchronization (SharePoint
2013 Preview).
The SharePoint user profiles to which you want to
synchronize SAP roles must already exist before you perform role
synchronization. SAP roles will only be synchronized with SharePoint user
profiles that already exist. You can create these user profiles in the
SharePoint user profile store manually but the recommended way for them to be
created is to perform profile synchronization with AD DS.
In this article:
·
Before you begin
Before you configure role synchronization, the SAP
administrator must have completed the following:
·
Trusted
the SSL certificate that you created earlier in Prepare the environment for Duet Enterprise for SharePoint and SAP
Server 2.0 Preview.
The SharePoint administrator must have completed the
following:
·
Import
the RoleSync model. For more information, see Import models in Duet Enterprise for SharePoint and SAP Server 2.0
Preview.
·
Activate the Duet Enterprise Claim Provider feature
You must be a member of the Farm Administrators group to
complete this procedure.
To enable the Duet Enterprise
Claim Provider feature
1.
On the
SharePoint Central Administration website, on the Quick Launch, click Central Administration.
2.
In the System Settings
section, click Manage farm features.
3.
In the Duet Enterprise SAP Roles Claims Provider row, click Activate.
The status column changes to Active. When active, the SAP roles are
available in People Picker after the SharePoint Server 2013 Preview user
profile store is synchronized with the SAP profile store.
·
Grant permissions to the Metadata Store
You must be a member of the Farm Administrators group to
complete this procedure.
To grant permissions to the
Metadata Store
1.
In
Central Administration, on the Quick Launch, click Application
Management.
2.
In the Service Applications
section, click Manage service applications.
3.
In the Name column, click
the link for the Business Data Connectivity Service
Application.
4.
In the Permissions group of
the ribbon, click Set Metadata Store Permissions.
5.
In the Set Metadata Store Permissions dialog box, in the top box, enter the user account that the timer job
is running on. By default it will be administrator who is deploying Duet
Enterprise 2.0 Preview.
6.
Click Add.
7.
In the Permissions for All Authenticated Users section (bottom section), ensure that the Execute check box is
selected.
8.
Click OK.
If at least one user has not yet been granted the Set
Permissions permission on the Metadata Store, you might receive the following
error message: “At least one user/group in the Access Control List must have
the Set Permissions right to avoid creating a non-manageable object.” To
resolve this issue, grant at least one user the Set Permissions permission on
the Metadata Store.
·
Ensure the Timer account has full control and verify name of User
Profile service application
Use this procedure to ensure that members of the Farm
Administrators group have full control permissions to the default User Profile
service and the Business Data Connectivity service application in the
SharePoint farm. The farm administrator who will configure profile
synchronization, later in this article, must be granted this permission.
SharePoint Server 2013 Preview supports multiple User
Profile service applications. However, Duet Enterprise role synchronization
works only with the default User Profile service application.
You must be a member of the Farm Administrators group or an
administrator of the User Profile service application to complete this
procedure.
To ensure that Timer account has
full control
1.
In
Central Administration, on the Quick Launch, click Central
Administration.
2.
In the Application Management
section, click Manage service applications.
3.
In the Type column, click
the row that contains the default User Profile Service
Application to select the row.
4.
The
name of the User Profile service application is listed in the Name column. Note
the name of this service application because you will need it for a later
procedure.
5.
In the Sharing group of the
ribbon, click Permissions.
6.
In the Connection Permissions
dialog box, ensure that the farm administrator was granted Full Control
permissions.
7.
Click OK.
·
Provide the SharePoint Timer
service account
You must provide the SAP administrator with the user account
that is assigned to the SharePoint Timer service, also known as the SPTimerV4
service. The SAP administrator must ensure that this account is mapped to an
SAP user who is granted sufficient permissions on the SAP system to query the
UserRoles assignments query.
You must be a member of the Windows Administrators group to
complete this procedure.
To get the user account for the
SharePoint Timer service
1.
Log on
to a front-end web server in the SharePoint Server 2013 Preview farm as a
member of the Administrators group.
2.
Click Start, point to Administrative Tools,
and then click Services.
3.
In the Name column,
right-click SharePoint Timer, and then click Properties.
4.
In the SharePoint Timer Service Properties dialog box, on the Log On tab, note the account name that is listed
in the This account text box.
5.
Give
this account name to the SAP administrator.
6.
Click Cancel to close the SharePoint Timer Service Properties dialog box.
·
Configure role synchronization
This procedure creates the Business Connectivity Services
connection between the SharePoint and SAP systems and updates the settings for
the Profile Synchronization job definition that you will use in a later
procedure to synchronize the SharePoint and SAP profile stores.
You must be a member of the SharePoint Farm Administrators
group to complete this procedure.
To configure role
synchronization
1.
Open a
Command Prompt window and go to the <drive>:\Program Files\Duet Enterprise\2.0 folder.
Where <drive> is the drive on which the Duet Enterprise 2.0 Preview files
are stored.
2.
At the
command prompt type, type the following command, and then press ENTER:
DuetConfig.exe -ConfigureRoleSync
–UserProfileServiceApplicationName <Name of your user profile
application>
Where <Name of your user profile application> is the name of the User Profile
service application that you are using for role synchronization. Note that you
can find this name on the Manage Service Application page in Central
Administration.
When role synchronization is
configured, you received the following message: “The settings for the specified
Profile Synchronization Job were updated successfully.”.
·
Synchronize SAP roles with the
SharePoint user profile store
You must be a member of the Farm Administrators group to
complete this procedure.
Before you start this procedure, do the following:
·
Ensure
that the SAP administrator has configured an OData endpoint.
·
Ask the
SAP administrator to ensure that the “Synchronize roles to consumers” job has
finished running on the SAP system.
The SAP administrator must run
the “Synchronize roles to consumers” job periodically to synchronize the user
roles on the SAP system with the SAP profile store on the server that is
running SAP NetWeaver. We recommend that you do not synchronize the SAP user
profile store with the SharePoint user profile store until the SAP
administrator has completed the synchronization job. Otherwise, the
synchronization job between the SAP profile store and the SharePoint user
profile store can take much longer to complete. Note that the “Synchronize
roles to consumers” job takes approximately 80 minutes to synchronize 100,000
users, while synchronizing the profile store in SAP NetWeaver to the SharePoint
user profile store takes approximately 100 minutes to synchronize 100,000
users. If you plan to schedule these synchronization jobs, we recommend that
you run them manually first to determine how much time each takes, on average,
to run on your systems.
To synchronize profiles
1.
In
Central Administration, on the Quick Launch, click Monitoring.
2.
On the Monitoring page, in
the Timer Jobs section, click Review job definitions.
3.
On the Job Definitions
page, in the Title column, click the Duet Enterprise Profile
Synchronization for <User Profile service application name> link.
Where <User Profile service application name> is the name of the User Profile
service application that you are using for role synchronization.
If you have only one User Profile service application, by
default this name is Duet Enterprise Profile Synchronization for User Profile
Service Application.
4.
On the Edit Timer Job page,
click Run Now.
This timer job is scheduled to run one time per day but you
can configure it to run less often if it causes a performance problem.
For more information about
SharePoint timer jobs, see View timer job status (SharePoint 2013
Preview).
·
Verification step
After role synchronization is complete, the SAP Roles
property appears at the bottom of each SharePoint user profile page and
displays the SAP roles that they are assigned to. These SAP roles will also be
available in People Picker when granting permissions to securable objects, such
as sites, list, and files. SAP roles will also be available when you run shared
reports if you have configured the Reporting solution.
·
Grant an SAP role permissions to
a site
After the SAP user profile store is synchronized with the
SharePoint user profile store, you can perform this procedure to grant users
permissions to a site based on their SAP roles. Note that only sites that are
in a web application that uses claims-based authentication and that are
associated with the User Profile service application that you used to
configured role synchronization are supported.
This procedure requires that the SAP roles have already been
synchronized to the SharePoint user profile store.
You must be a Site Owner to perform this procedure.
To grant an SAP role permissions
to a site
1.
In a
browser, go to the site for which you want to enable SAP roles.
2.
Click
the Settings icon, and then click Site Settings.
The Settings icon
resembles a gear.
3.
Under Users and Permissions,
click Site Permissions.
4.
In the Grant group of the
ribbon, click Grant Permissions.
5.
In the Grant Permissions
dialog box, do the following:
a)
Click SHOW OPTIONS.
b)
Under Select a group or permission level, select the group or permission level to which you want to assign the
SAP role.
c)
In the
top box, type part of the SAP role’s name.
A drop-down list appears with all available SAP roles.
6.
Either
finish typing the name of the SAP role or select it from the drop-down list,
and then click Share.
This article describes how to
remove an installation of Duet Enterprise for Microsoft SharePoint and SAP
Server 2.0 Preview. This includes removing all Duet Enterprise 2.0 Preview
solutions and all traces of Duet Enterprise components from the SharePoint
Server 2013 Preview farm.
The procedures provided in this article do not remove files
that contain SAP data from the SharePoint Server farm. For example, SAP reports
that have been delivered to document libraries are not removed. If you want
those files to be removed as well, we recommend that you delete the SAP reports
manually. For example, you can delete the document libraries that contain the
SAP reports or delete the individual reports.
In this article:
·
Uninstall all solutions
If you want to remove all Duet Enterprise 2.0 Preview
solutions from all web applications and also unregister all Duet Enterprise 2.0
Preview components, there are two commands that you must use:
·
DuetConfig.exe -uninstall This command removes all
solutions from all web applications and unregisters all Duet Enterprise
components, at the same time. This command needs to run on only one web server
in the SharePoint Server farm.
·
setup /uninstall This command removes all
traces of Duet Enterprise. This command must be run on all web and application
servers in the SharePoint Server farm.
·
Uninstall all solutions
The following procedure explains how to uninstall all Duet
Enterprise 2.0 Preview solutions that you have deployed to a SharePoint Server
farm and also how to remove all traces of Duet Enterprise 2.0 Preview on each
front-end web server and application server in the SharePoint Server farm.
You must be a member of the Farm Administrators group to
uninstall Duet Enterprise 2.0 Preview solutions from SharePoint Server 2013
Preview.
To uninstall all solutions
1.
Verify
that you have the following administrative credentials:
·
You
must be a member of the Farm Administrators group to uninstall Duet Enterprise
2.0 Preview solutions from SharePoint Server 2013 Preview.
2.
As administrator,
open a Windows Command Prompt window on a front-end web server in the
SharePoint Server 2013 Preview farm, and then go to <systemdrive>:\Program Files\Duet Enterprise\2.0.
This folder contains the
DuetConfig.exe file.
3.
At the
command prompt, type the following command, and then press ENTER:
DuetConfig.exe -uninstall
If this command is successful,
you receive the following message: Duet Enterprise unconfiguration succeeded.
This command removes all solutions from all web applications
and unregisters all Duet Enterprise components at the same time.
4.
Next,
at the command prompt, go to the folder that contains the Setup.exe file for
Duet Enterprise 2.0 Preview. If this file is not in the file system of the
server that is running SharePoint Server 2013 Preview, you can locate this file
on the DVD or ISO image from which Duet Enterprise 2.0 Preview was installed.
5.
Type
the following command, and then press ENTER:
setup /uninstall
If this command is successful,
you receive the following message: Duet Enterprise setup completed successfully. Press any key
to continue….
You must repeat steps 4 and 5 on each front-end web server
and application server in the SharePoint Server farm to completely remove all
traces of Duet Enterprise 2.0 Preview.
When you run these commands, the server that is running
SharePoint Server 2013 Preview creates a job request for each, puts each in the
job queue, and then starts them. This might take several minutes to complete
depending on how busy the server is at the time when you run these commands.
6.
To
ensure that SharePoint Server 2013 Preview will not use the old .dll files if
the solution is reinstalled, you must restart Internet Information Services
(IIS) and SharePoint services as shown in the next procedure.
·
Restart IIS and SharePoint
services
To ensure that solutions that have been uninstalled can no
longer be run in the SharePoint Server farm, you must restart IIS, the
SharePoint Administration service, and the SharePoint Timer service.
Restarting or stopping IIS causes all sessions connected to
your web server (including Internet, FTP, SMTP, and NNTP) to be dropped. When
you restart the Internet service, all sessions connected to your web server are
dropped. All Internet sites are unavailable until Internet services are
restarted. For this reason, avoid restarting the Internet Information Services
service during peak usage.
You must be a member of the Windows Administrators group on
each front-end web server in the network load balancing rotation of the
SharePoint Server farm to complete these procedures.
To restart IIS
1.
Log on
to the front-end web server of the SharePoint Server farm as a member of the
Windows Administrators group.
2.
As
administrator, open a Windows Command Prompt window.
3.
At the
command prompt, type the following command, and then press ENTER:
iisreset /restart
4.
If this
command is successful, you receive the following message: Internet services successfully restarted.
5.
If you
have more than one front-end web server in the network load-balancing rotation
for the SharePoint Server farm, repeat steps 1 through 4 for each remaining
front-end web server.
To restart the SharePoint
services
1.
Log on
to the front-end web server of the SharePoint Server farm as a member of the
Windows Administrators group.
2.
Click Start, point to Administrative Tools,
and then click Services.
3.
In the Name column,
right-click SharePoint Administration, and then click Restart.
4.
In the Name column,
right-click SharePoint Timer Service, and then click Restart.
5.
If you
have more than one front-end web server in the network load-balancing rotation
for the SharePoint Server farm, repeat steps 1 through 4 for each remaining
front-end web server.
Comments
Post a Comment