Installation Instructions
This guide describes how to install Service Management components using the Express (single machine) install option as well as a Distributed (multiple machines) install option. The following Service Management components can be distributed across multiple machines:
-
Service Management Admin Portal
-
Service Management Tenant Portal
-
Service Management Admin API
-
Service Management Tenant API
-
Service Management Tenant Public API
Service Management API components support distributed installation primarily for reasons of security since the Service Management Admin API exposes a high level of access to the system relative to the Service Management Tenant API which in turn provides a somewhat higher level of access to the system than the Service Management Tenant Public API. For most deployments it is considered a best practice to deploy the Service Management Admin and Service Management Tenant API behind a firewall or other publicly inaccessible location and deploy the Service Management Tenant Public API on a publicly accessible machine. The particular deployment strategy used will of course depend on the Hosting Service Providers security requirements.
This guide also provides information for installing and configuring the Web Site Services required to provision a Web Site Cloud to host web sites for subscribing users.
Service Management Components and Certificates
Each Service Management component is installed on an IIS web site which by default is configured with a self-signed certificate. Because these self-signed certificates will not be among the certificates in the Trusted Root Certification Authorities store loaded by your browser upon startup, your browser will display a security warning when you attempt to connect to any of the sites. For any publicly facing services such as those running on the MgmtSvc-TenantSite and MgmtSvc-TenantPublicAPI web sites, it is recommended that these self-signed certificates be replaced with valid certificates issued by a Trusted Root Certificate Authority to ensure that end users avoid this experience. The MgmtSvc-AdminSite web site may also benefit from a replacement of the self-signed certificate. For more information about how to configure certificates for your Service Management Portal and Service Management API deployment please review recommendations in the Post Installation Best Practices section of this guide.
Note |
|---|
| Services which aren’t accessed by users, such as the Service Management APIs and Resource Providers, ignore certificate validation errors by default. This is done via the ServicePointManager.ServerCertificateValidationCallback Property. If this is a security concern, it is recommended that these self-signed certificates be replaced by valid certificates issued by a recognized Certificate Authority and that the validation override be turned off, or set to false. |
Express Install
Use the Express Install option to install both Service Management Portals and all of the Service Management API onto a single machine. This option would typically only be used for proof of concept work or testing and is not recommended for production environments.
-
Logon to the Service Management Portal machine (for example, SvcMgmtPortal ) and launch the Web Platform Installer.
-
Click the Products tab and then click Windows Azure. Click Add next to Service Management Portal and Service Management API (Express), and click Install.

-
Click I Accept on the Prerequisites screen and the installation will begin.
The machine may reboot during the installation.
-
When the installation is complete click Continue and Finish.

-
Configuration will open the Service Management Configuration Site (https://localhost:30101/) in Internet Explorer. If the Internet Explorer security certificate warning page is displayed click Continue to this website (not recommended).

-
If prompted enter Administrator credentials to connect to the Configuration site which will display the Database Server Setup page. On the Database Server Setup page enter sa credentials to connect to the SQL Server or SQL Server Express instance you installed, enter a passphrase for the Config store and then click the next arrow in the bottom right corner of the web page to continue.

-
The features being installed are listed on the Features Setup page.
After the features are successfully configured click the checkmark in the bottom right corner of the Features Setup page to launch the Service Management Admin Portal (https://localhost:30091/#Workspaces/WebSystemAdminExtension/quickStart).
-
When prompted enter Administrator credentials and if presented with a security certificate warning page click Continue to this website (not recommended) to display the Service Management Portal Tour Welcome page.

-
As you review the Portal Tour pages click the next arrow to proceed. On the last page click the checkmark to close the tour and display the Service Management Admin Portal.

Distributed Install
Per the Environment Topology section, you may deploy the Service Management Admin Site, Service Management Tenant Site and the Service Management API on separate machines. These components may be deployed on individual machines or in different combinations (for example, the Tenant Site and Service Management API on a machine that has internet access and Admin Site on a machine that has protected access).
You may also deploy the Service Management Admin API, Service Management Tenant API and Service Management Tenant Public API on separate machines. These components may also be deployed on individual machine or in different combinations (for example, the Service Management Tenant Public API may be installed on a machine that has internet access while the Service Management Admin API and Service Management Tenant API may be installed on machines that have protected access).
Service Management Admin Site
Follow these steps to install the Service Management Admin Site
-
Logon to the Admin Site machine (for example, SvcMgmtAdmin) and launch the Web Platform Installer.
-
Click the Products tab and then click Windows Azure to see the list of available install options. Click Add next to Service Management Admin Site, and click Install.

-
Click I Accept on the Prerequisites screen and the installation will begin. The machine may reboot during the installation.

-
When installation is complete click Continue. And then click Finish on the Finish screen.

-
The Service Management Configuration Site (https://localhost:30101/) will launch with Internet Explorer. If the Internet Explorer security certificate warning page is displayed click Continue to this website (not recommended).

-
If prompted enter Administrator credentials to connect to the Configuration site.
-
The Configuration Site wizard will display the Database Server Setup page. On the Database Server Setup page enter sa credentials to connect to the SQL Server or SQL Server Express instance, enter a passphrase and passphrase confirmation for the Config store (make sure to use a strong passphrase) and then click the next arrow to continue.

-
The Features Setup page will display the list of features to be configured, click the checkmark in the bottom right corner to continue and click the checkmark again when feature configuration is completed successfully.

-
The Admin Site will launch. If the Service Management API has not yet been configured in the environment, you will see a notification on the Admin site asking you to configure the Service Management API.

-
Once the Service Management API has been configured you may click Try Again to continue.
Note Ensure that Service Management API is installed before completing setup for the Service Management Admin Site. If a distributed installation of the Service Management API was performed ensure that all 3 components of the API are installed.
Service Management Tenant Site
-
Logon to the Tenant Site machine (for example, SvcMgmtTenant) and launch Web Platform Installer.
-
Click the Products tab and then click Windows Azure to see the list of available installation options. Click Add next to Service Management Tenant Site and then click Install.

-
Follow steps 3 to 9 in the Service Management Admin Site section above.
Service Management API
The Service Management API installation options are presented as three distinct components:
-
Service Management Admin API
-
Service Management Tenant API
-
Service Management Tenant Public API
While it is possible to install all of these components on a single machine, this would not be considered a best practice in a production environment because of the relatively high level of access exposed by the Service Management Admin API and to a lesser degree the level of access exposed by the Service Management Tenant API. Therefore, it is recommended that the Service Management Admin API and Service Management Tenant API are installed on machines that are behind a firewall or that are otherwise not accessible by the public. The Service Management Tenant Public API is designed to serve all of the needs of end users that subscribe to a Hosting Service Provider’s Cloud services.
To install the various Service Management API’s, complete the following steps on each machine that you are installing the Service Management Admin API, Tenant API, and Tenant Public API:
-
Logon to the Service Management API/Tenant API/Tenant Public API machine (for example, SvcMgmtTenAPI) and launch the Web Platform Installer.
-
Click the Products tab and then click Windows Azure to see the list of available install options. Click Add next to one of Service Management API/Tenant API/Tenant Public API, and click Install.

-
Click I Accept on the Prerequisites screen and the installation will begin. The machine may reboot during the installation.

-
When installation is complete click Continue on the Configure screen and Finish on the Finish screen.

-
Configuration will open the Service Management Configuration Site https://localhost:30101/ in Internet Explorer. If the Internet Explorer security certificate warning page is displayed click Continue to this website (not recommended).

-
If prompted enter Administrator credentials to connect to the Configuration site which will display the Database Server Setup page. On the Database Server Setup page enter sa credentials to connect to the SQL Server or SQL Server Express instance you installed, enter a passphrase for the Config store and then click the next arrow in the bottom right corner of the web page to continue.

-
After features are configured successfully click the checkmark in the bottom right corner of the Features Setup page. This will prompt you to close your browser window.

Complete Service Management Admin Site Setup
Note |
|---|
| Ensure that Service Management API is installed before completing setup for the Service Management Admin Site. If a distributed installation of the Service Management API was performed ensure that all 3 components of the API are installed. |
-
Go back to the Service Management Admin Site machine, and refresh the Service Management Admin Site page described at the end of the Service Management Admin Site section. If the Service Management Admin Site is no longer open on the machine, open https://localhost:30091/#Workspaces/WebSystemAdminExtension/quickStart in Internet Explorer.
-
If presented with a security certificate warning page click Continue to this website (not recommended) and enter Administrator credentials to display the Service Management Portal Tour Welcome page.

-
Click through the Portal Tour pages by clicking the next arrow and click the checkmark to close the tour and display the Service Management Admin Portal.

Install and Configure the Web Sites Cloud Controller
The Web Sites Cloud controller provides the logic to monitor the state of and maintain the health of all the roles in a Web Sites Cloud. The Web Sites Cloud controller must be installed before installing any other Web Site Cloud roles.
Launch the Web Site Cloud Setup
-
Logon to the Web Sites Controller machine (for example, SitesController) and launch the Web Platform Installer.
-
Click the Products tab and then click Windows Azure. Click Add next to Web Sites service and third party dependencies, and click Install.

-
Click I Accept to accept license terms and launch setup.

-
Setup will display the progress of the installation.

-
After installation is complete, click Continue to open the Service Management Configuration site.

-
Your browser may display a certificate security warning. Click Continue to the website (not recommended) and provide necessary Administrator credentials when prompted to continue to the Web Site Cloud Controller configuration page.

Configure the Web Site Cloud Service
-
On the Database Server Setup page provide the following information and click the next arrow in the bottom right of the page:
- Server Name – name of the SQL Server Instance used by the controller to store web site hosting and resource usage information.
- Database Server Admin Username - sa
- Database Server Admin Password – password for the sa account
- DNS Suffix – Enter value determined by Public DNS Mappings

- Server Name – name of the SQL Server Instance used by the controller to store web site hosting and resource usage information.
-
Provide the requested information for the Management Server / Web Site cloud REST API server:
- Server Name - Name of machine that will run the management server role, e.g. SitesRESTAPI
- Machine Credentials to install Management roles
Admin Username to be either:-
Domain account that is member of local Administrators group on all web site cloud role machines, excluding the web worker(s)
-
Local account that is a member of local Administrators group on all web site cloud role machines, excluding the web worker(s). If using a local account, the account name and password must be identical on all machines, excluding the web worker(s).
-
Domain account that is member of local Administrators group on all web site cloud role machines, excluding the web worker(s)
- Machine Credentials to install Worker roles
Admin Username to be one of either:-
A domain account that is member of local Administrators group on all web worker(s)
-
A local account that is a member of local Administrators group on all web worker(s). If using a local account the account name and password must be identical on all machines.

-
A domain account that is member of local Administrators group on all web worker(s)
- Server Name - Name of machine that will run the management server role, e.g. SitesRESTAPI
-
Service Endpoint Credentials
Scroll down to provide Service End Point credentials and then click the next arrow on the bottom right corner of the page. Make a note of these credentials as they will be required when registering your Web Sites REST endpoint in the Service Management Portal Admin site.- Username - Provide a username for connecting to the web site rest endpoint.
- Password - Provide a password for the service endpoint credentials.
Important Ensure that you make a note of these credentials. If you do not have these credentials when you attempt to register your Web Sites REST endpoint in the Service Management Portal Admin Site you will be unable to complete configuration of your Web Sites Cloud. 
- Username - Provide a username for connecting to the web site rest endpoint.
-
If using a standalone file server:
-
Select the option to Create a New Standalone Windows File Share.
- File Server Name – Enter the name of the file server machine, for example FileServer.
- Content Share Network Path – \\<Server name>\WebSites, for example, \\FileServer\WebSites.
- Content Share Physical Path – <Drive letter>:\WebSites, for example, C:\WebSites.
- File Share Owner Username – Specify the FileShareOwner account you created.
- File Share Owner Password – Specify the FileShareOwner account you created.
- File Share Owner Password Confirmation – Confirm the password of the FileShareOwner account.
Scroll down and specify the following information to finish filling out the File Server Setup page and then click the next arrow at the bottom right of the page.- File Share User Username – Specify the FileShareUser account you created.
- File Share User Password – Specify the password of the FileShareUser account.
- File Share User Password Confirmation – Confirm the password of the FileShareUser account.
- Certificate Share Network Path – \\<Server name>\Certificates, for example, \\FileServer\WebSites
- Certificate Share Physical Path – <Drive letter>:\Certificates, for example, C:\Certificates
- Certificate Store Account Username – Specify the CertificateShareUser account you created.
Note Scroll down to enter the Certificate Store Account Password and Certificate Store Account Password Confirmation. - Certificate Store Account Password – Specify the password of the CertificateShareUser account.
- Certificate Store Account Password Confirmation – Confirm the password of the CertificateShareUser account.

- File Share User Username – Specify the FileShareUser account you created.
After you accept the specified configuration settings Web Site Setup will complete installation, adding the servers and getting the hosting controller ready. Click the checkmark again on the bottom right of the Ready to configure page to finalize configuration of the Web Sites service feature.
Note To follow the progress of the configuration open Internet Information Services (IIS) manager - Expand Server Farms, Management Servers, click Servers and monitor the trace messages section. Upon successful completion of configuration the last Trace Message should read Server successfully started. -
Select the option to Create a New Standalone Windows File Share.
-
If using a pre-configured file server, file server cluster, or NAS device:
-
Select the option to Use a Pre-configured File Server.
- Content Share Network Path - \\<Server name>\WebSites, for example, \\FileServer\WebSites.
- File Share Owner Username – Specify the FileShareOwner account you created.
- File Share Owner Password – Specify the password of the FileShareOwner account.
- File Share Owner Password Confirmation – Confirm the password of the FileShareOwner account.
Scroll down and specify the following information to finish filling out the File Server Setup page and then click the next arrow at the bottom right of the page.- File Share User Username – Specify the FileShareUser account you created.
- File Share User Password – Specify the password of the FileShareUser account.
- Certificate Share Network Path – \\<Server name>\Certificates, for example, \\FileServer\WebSites
- Certificate Store Account Username – Specify the CertificateShareUser account you created.
- Certificate Store Account Password – Specify the password of the CertificateShareUser account.
- Certificate Store Account Password Confirmation – Confirm the password of the CertificateShareUser account.
Click the checkmark on the bottom right of the Ready to configure page for the Web Sites service feature.
After you accept the specified configuration settings Web Site Setup will complete installation, adding the servers and getting the hosting controller ready. Click the checkmark again on the bottom right of the Ready to configure page to finalize configuration of the Web Sites service feature.
Note To follow the progress of the configuration open Internet Information Services (IIS) manager - Expand Server Farms, Management Servers, click Servers and monitor the trace messages section. Upon successful completion of configuration the last Trace Message should read Server successfully started. -
Select the option to Use a Pre-configured File Server.