The architecture of Orchestrator is, at its base, quite simple and light. At the very beginning you'll find yourself in need of a multiple server Orchestrator deployment for performance and High Availability, and in the end, apart from the High Availability, you won't feel the need for a big Orchestrator infrastructure.
At this point, we'll address a single-server architecture with the database in a separate SQL cluster. For this, the requirements are as follows:
RAM: 1 GB (recommended 2 GB)
Disk: 200 MB (available disk space)
CPU: Dual-core Intel CPU, 2.1 Ghz (or above)
OS: Windows Server 2008 R2 (with IIS, .NET 3.5 SP1, .NET 4.5, and Silverlight) or above
SQL Server: Microsoft SQL Server 2008 R2 or above (with Collation:
SQL_Latin1_General_CP1_CI_ASand Database Engine Service only)
As you can see, the requirements for the Orchestrator architecture following a single-server deployment are not really that demanding. However, let's observe the requirements per component for a multi-server deployment:
Management server:
RAM: 1 GB (recommended 2 GB)
Disk: 200 MB (available disk space)
CPU: Dual-core Intel CPU, 2.1 Ghz or above
OS: Windows Server 2008 R2 (.NET 3.5 SP1) or above
Orchestrator database:
SQL Server: Microsoft SQL Server 2008 R2 or above
Collation:
SQL_Latin1_General_CP1_CI_ASSQL Roles: Database Engine
Location: Local or Remote (cluster supported)
Runbook server:
RAM: 1 GB (recommended 2 GB)
Disk: 200 MB (available disk space)
CPU: Dual-core Intel CPU, 2.1 Ghz or above
OS: Windows Server 2008 R2 (.NET 3.5 SP1) or above
Runbook designer:
RAM: 1 GB (recommended 2 GB)
Disk: 200 MB (available disk space)
CPU: Dual-core Intel CPU, 2.1 Ghz or above
OS: Windows Server 2008 R2, Windows 7 SP1 or above
Orchestration console / Web service server:
RAM: 1 GB (recommended 2 GB)
Disk: 200 MB (available disk space)
CPU: Dual-core Intel CPU, 2.1 Ghz or above
OS: Windows Server 2008 R2 (.NET 3.5 SP1, .NET 4.5, IIS, Silverlight) or above
Usually, the multi-server deployments are in fact connected to the High Availability questions, but keep with mind that the Management Server is a single component that can't be deployed in High Availability, even though the Runbook Servers are able to execute the Runbooks without that component.
On the Active Directory (AD) side, you'll need to also fulfill some requirements:
|
User/Group |
Name |
Type |
Comments |
|---|---|---|---|
|
User |
DOMAIN |
Service account |
This is the main management server's service account and it will be granted a logon as a service during the installation. It is also used for the Monitor service. |
|
User |
DOMAIN |
Service account |
This is the account used for accessing resources that are specified on the Runbooks. This account might require access to remote computers. |
|
Group |
DOMAIN |
Group |
Users Security Global Group for allowing default access to Orchestrator |
|
Group |
DOMAIN |
Group |
Operators Security Group to allow access as the Runbook operator on Orchestrator |
|
Group |
DOMAIN |
Group |
This is the Full Administration Security Group for Orchestrator |
The next screenshot shows these accounts and groups in Active Directory, and in the end you should have something quite similar in your environment. The users and groups don't need to be named exactly the same as the examples we give here; they can be adapted to your standards, but keep these in mind for your reference for the rest of this book.
On the network side, we'll need the following exceptions on the firewall:
|
Source |
Target |
Default Port (TCP) |
Notes |
|---|---|---|---|
|
Runbook Designer |
Management Server |
135, 1024-65535 |
The Runbook Designer communicates with the management server over DCOM; by default, the DCOM uses port 135 to initiate the connection and then moves to a dynamic port between 1024 and 65535. |
|
Management Server / Runbook Server / Web Service |
Orchestration Database |
1433 |
This takes care of the Microsoft SQL Server connectivity. |
|
Client Browser |
Orchestrator REST-based web service |
81 |
These are ports used for connecting to the Orchestration console. |
|
Orchestration console |
82 |
All the ports above can be configured to better suit your environment.
Now, in terms of the scalability of the Orchestrator, we can have redundancy in the Orchestrator Web Service / Console, Runbook Servers, and Orchestrator Database. However, we won't be able to have more than one Management Server.
You might consider having the components divided between servers due to service availability, but there's also the Runbooks workload expected and the number of simultaneous Runbooks that you'll have running to consider, as well as their importance.
Our advice would be to have one single-server deployed for the Runbooks development and preparation, and then for production, a redundant deployment of Runbook Server, Orchestrator Web Service / Console Server, and the Orchestrator Database under a SQL cluster. This way, you'll cover any need of simultaneously executing some Runbooks and High Availability.
Good! Now that we've defined all the requirements, and since all are in place, we'll do a sanity check so we can see if we're ready to go forward.
So, to move on to the next point, on installing the Orchestrator architecture you've decided to go with, you'll need to achieve the following steps:
Create Active Directory accounts:
Service accounts
AD groups
Install an operating system:
Windows Server (2008 R2 or above)
Add it to the domain
Add service accounts to the administrator's local group
Add the Orchestrator administrators group to the administrator's local group
Configure OS roles and features:
IIS
.NET 3.5 SP1
.NET 4.5
Silverlight
Don't forget that some of the OS roles and features are only required for some of the Orchestrator components. Check the list to see which component needs which piece of software.
Also, it's not on this list, but we're assuming you have a SQL cluster or a single-server in place to accommodate your Orchestrator database. Don't forget the permissions on that SQL server for the account running the Management Server.
The OS roles and features prerequisites can all be installed using PowerShell in order to achieve a faster single-server deployment. In order to do so, you can execute the following command:
Import-Module ServerManager Add-WindowsFeature NET-Framework-Core,NET-Framework-45-ASPNET,NET-WCF-Services45,NET-WCF-HTTP-Activation45,NET-WCF-TCP-PortSharing45,Web-Server,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Static-Content,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-Http-Tracing,Web-Performance,Web-Stat-Compression,Web-Security,Web-Filtering,Web-Digest-Auth,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext,Web-Net-Ext45,Web-Asp-Net,Web-Asp-Net45,Web-CGI,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Mgmt-Tools,Web-Mgmt-Console –source D:\Sources\sxs