Scenario
Managers at Contoso are becoming frustrated by having to log on to multiple different systems to gain an overview of different aspects of the business, such as the sales pipeline and levels of inventory. The management committee has asked you to investigate ways of providing a consolidated view of information from other line-of-business solutions on the SharePoint 2013 intranet. Your first task is to configure Business Connectivity Services and related service applications. You will also configure the Secure Store Service, so that SharePoint can map end-user credentials to the credentials required by various line-of-business systems. Later in this module, you will import and configure a BDC model as a proof-of-concept to demonstrate functionality.
Objectives
After completing this lab, you will be able to:
• Configure the Business Data Connectivity service application.
• Configure the Secure Store Service application.
Estimated Time: 30 minutes
Virtual Machine: 20332B-NYC-DC-04, 20332B-NYC-DB-04, 20332B-NYC-SP-04
• User name: [email protected]
• Passw0rd: Pa$$w0rd
Exercise 1: Configuring the Business Data Connectivity Service Application
Scenario
In this exercise, you will configure a Business Data Connectivity Service application instance. First, you will create a new domain account to run the service, and you will register the new account with SharePoint as a managed account. Next, you will start the Business Data Connectivity Service on the local SharePoint server and then provision a new Business Data Connectivity Service application instance. Finally, you will configure the Business Data Connectivity Service application instance by setting metadata store
permissions and creating a site to host profile pages for external content types.
The main tasks for this exercise are as follows:
1. Create a service account to run the BDC service application 2. Register the service account as a managed account 3. Start the Business Data Connectivity Service
4. Create a new Business Data Connectivity service application instance 5. Set metadata store permissions
Task 1: Create a service account to run the BDC service application
• Start the 20332B-NYC-DC-04 virtual machine. Wait for the virtual machine to display the logon screen, and then wait a further five minutes before you proceed to the next step.
• Start the 20332B-NYC-DB-04 virtual machine. Wait for the virtual machine to display the logon screen before you continue.
• Start the 20332B-NYC-SP-04 virtual machine. Wait for the virtual machine to display the logon screen before you continue.
MCT USE ONL Y. STUDENT USE PROHIBITED
Advanced Solutions of Microsoft SharePoint Server 2013 4-13
• Log on to the 20332B-NYC-DC-04 machine as [email protected] with the password Pa$$w0rd.
• Start Active Directory Administrative Center.
• Create a new user with the following details:
Full name SharePoint BDC
UPN logon [email protected]
SAM Account Name logon CONTOSO\SP_BDC
Password Pa$$w0rd
Password never expires Selected
User cannot change password Selected
Task 2: Register the service account as a managed account
• Log on to the 20332B-NYC-SP-04 machine as [email protected] with the password Pa$$w0rd.
• Register the CONTOSO\SP_BDC account that you created in the previous task as a managed account.
Note: You can use either the Central Administration website or Windows PowerShell to register a managed account.
Task 3: Start the Business Data Connectivity Service
• On the SharePoint server, start the Business Data Connectivity Service.
Note: You can start services by using Windows PowerShell or from the Central Administration website.
Task 4: Create a new Business Data Connectivity service application instance
• Create a new Business Data Connectivity Service application with the following properties:
Property Value
Service application name Contoso BDC
Database name Contoso_BDC_DB
Application pool name SharePointContosoBDC Security account for application pool CONTOSO\SP_BDC
Task 5: Set metadata store permissions
• Open the metadata store permissions for the Contoso BDC service application.
MCT USE ONL Y. STUDENT USE PROHIBITED
4-14 Configuring and Managing Business Connectivity Services
• Grant CONTOSO\Administrator all permissions.
• Propagate the permissions to all BDC Models, External Systems, and External Content Types in the BDC Metadata Store.
Note: To view external lists and interact with ECTs in Office client applications, users require the Execute and Selectable in Clients permissions. However, you also want the administrator to be able to edit BDC model components and assign permissions to other users.
Results: After completing this exercise, you should have created and configured a Business Data Connectivity Service application instance.
Exercise 2: Configuring the Secure Store Service
Scenario
In this exercise, you will configure a Secure Store Service application instance. First, you will create a new domain account to run the service, and you will register the new account with SharePoint as a managed account. Next, you will start the Secure Store Service on the local SharePoint server and then provision a new Secure Store Service application instance. Finally, you will configure the Secure Store Service application instance by creating a new master key to encrypt the database.
The main tasks for this exercise are as follows:
1. Create a service account to run the Secure Store Service application 2. Register the service account as a managed account
3. Start the Secure Store Service
4. Create a new Secure Store Service application instance 5. Create a secure store master key
Task 1: Create a service account to run the Secure Store Service application
• Switch to the 20332B-NYC-DC-04 machine. If you are not already logged on, log on as [email protected] with the password Pa$$w0rd.
• Start Active Directory Administrative Center.
• Create a new user with the following details:
Full name SharePoint SSS
UPN logon [email protected]
SAM Account Name logon CONTOSO\SP_SSS
Password Pa$$w0rd
Password never expires Selected
User cannot change password Selected
MCT USE ONL Y. STUDENT USE PROHIBITED
Advanced Solutions of Microsoft SharePoint Server 2013 4-15
Task 2: Register the service account as a managed account
• Switch to the 20332B-NYC-SP-04 machine. If you are not already logged on, log on as [email protected] with the password Pa$$w0rd.
• Register the CONTOSO\SP_SSS account you created in the previous task as a managed account.
Note: You can use either the Central Administration website or Windows PowerShell to register a managed account.
Task 3: Start the Secure Store Service
• On the SharePoint server, start the Secure Store Service.
Note: You can start services from Windows PowerShell or from the Central Administration website.
Task 4: Create a new Secure Store Service application instance
• Create a new Secure Store Service application with the following properties:
Property Value
Service application name Contoso Secure Store
Database name Contoso_SSS_DB
Application pool name SharePointContosoSSS
Security account for application pool CONTOSO\SP_SSS
Task 5: Create a secure store master key
• Open the management settings for the Contoso Secure Store service application.
• Generate a new secure store master key with the pass phrase Pa$$w0rd.
Results: After completing this exercise, you should have created and configured a Secure Store Service application instance.
MCT USE ONL Y. STUDENT USE PROHIBITED
4-16 Configuring and Managing Business Connectivity Services