How to prepare for your RAP as a Service for Team Foundation Server
The Tools machine is used to connect to each of the servers in your Team Foundation Server environment such as Team Foundation Server, SQL Server, SharePoint. and retrieve configuration and health information from them. The Tools machine retrieves information from the environment communicating over Remote Procedure Call (RPC), Server Message Block (SMB), and Distributed Component Object Model (DCOM). Once data is collected, the Tools machine is used to upload the data to the Microsoft Premier Services portal for automated analysis, followed up by manual analysis by one of our expert
engineers. This upload requires internet HTTPS connectivity to specific sites. Alternatively, you can also export the collected data from the Tools machine and use a different machine to submit it. You need to ensure the machine used to
upload the data also has the RAP as a Service client tool installed and has internet connection. At a high level, your steps to success are:
1. Install prerequisites on your Tools machine and configure your environment 2. Collect data from your environment
3. Submit the data to Microsoft Premier Services for assessment
A checklist of prerequisite actions follows. Each item links to any additional software required for the Tools machine, and detailed steps included later in this document.
Checklist
Please ensure the following items have been completed before accessing the RAP as a Service Portal for the first time and starting your engagement.
1. General Use
Last modified: Sept 23, 2015
RAP as a Service for
Team Foundation Server
Internet connectivity is
needed to:
Access the RAP as a
Service portal.
Activate your
account.
Download the
toolset.
Submit data.
Data submission to
Microsoft online servers
and displaying your
results on the online
portal uses encryption
to help protect your
data. Your data is
analyzed using our
RAP expert system.
Prerequisites
Download the latest prerequisites from:
Ensure the Internet browser on the data collection machine has JavaScript enabled.Follow the steps listed at How to enable scripting in your browser. Internet Explorer 9, Internet Explorer 10 and Internet Explorer 11 are the supported and recommended browsers for this offering. Most other modern HTML5 based browsers will also work.
The site https://ppas.uservoice.com provides access to the Support Forum and Knowledge Base Articles for RAP as a Service2. Activation
Ensure access to http://corp.sts.microsoft.com
Ensure access to http://live.com3. Data Collection
a. Tools machine hardware and Operating System:
Server-class or high-end workstation machine running Windows Vista/Windows7/Windows8, or Windows Server 2008/Windows Server 2008 R2/Windows Server 2012Note: Windows Server 2003 is not supported as Tools machines.
Minimum: 4GB RAM, 2Ghz dual-core processor, 5 GB of free disk space plus up to 500MB per analyzed server and 1-5GB per web server in the assessed environment during data collection.
Joined to the same domain as the environment servers or a trusted domain.b. Software for Tools machine:
Microsoft .NET Framework 4.0 installed
Windows PowerShell 2.0 or later installed
Log Parser 2.2 installed
Team Explorer 2012 or standalone TFS 2012 OM Installer c. Account Rights:
Administrator access to all servers to be assessed in Team Foundation Server environment
Administrator role in all products that make up Team Foundation Environment to be assessed such as Team Foundation Server, SharePoint, SQL Server, SQL Reporting Services, etc.d. Additional Requirements for Windows Server 2008 (and later) servers:
Configure all server firewalls for “Remote Event Log Management”The Appendix Data Collection Methods details the methods used to collect data. 4. Submission
Internet connectivity is required to submit the collected data to Microsoft.
Ensure access to *.accesscontrol.windows.netthis URL is used to authenticate the data submission before accepting it.
The rest of this document contains detailed information on the steps discussed above.
1. Hardware and Software
Server-class or high-end workstation computer equipped with the following:
Minimum single 2Ghz processor — Recommended dual-core/multi-core 2Ghz or higher processors. Minimum 4 GB RAM—Recommended 8 GB RAM.
Minimum 5 GB of free disk space plus up to 500MB per analyzed server and 1-5GB per web server in the assessed environment during data collection.
Windows Vista, Windows 8, Windows 7 (preferred), Windows Server 2012, or Windows Server 2008/Windows Server 2008 R2. Windows Server 2003 is not supported as a data collection machine.
Note: To successfully gather Performance data, ensure the data collection machine’s Operating System (OS) matches,
or is a higher version of the highest versioned OS target machine used within the environment. Typically, this means that Windows 8 or Windows Server 2012 is acceptable to use.
Can be 32-bit or 64-bit operating system.
At least a 1024x768 screen resolution (higher preferred).
A member of the same domain as the servers being reviewed or a member of a trusted domain. Microsoft® .NET Framework 4.0 — http://www.microsoft.com/en-us/download/details.aspx?id=17851 Windows PowerShell 2.0 or higher
Windows PowerShell 2.0 is part of the Windows Management Framework — http://support.microsoft.com/ kb/968929
The execution policy for PowerShell should be set to remotesigned on the tools machine
The execution policy settings can be verified using “get-executionpolicy –list” in a PowerShell command window Log Parser 2.2 installed
IIS 7.0 - optional
Team Explorer 2012 or standalone TFS 2012 OM Installer
Networked “Documents” or redirected “Documents” folders are not supported. Local “Documents” folder on the data collection machine is required.
Sysadmin on all SQL Instances that host Team Foundation Server databases. System administrator of Analysis Services instances where Team Foundation
Server warehouse is located.
SharePoint Farm administrator and Site Collection administrator for the SharePoint Farm where Team Project portals are running.
System administration and Home folder Content Manager of Reporting Services instance where Team Foundation Server reports are located. Team Foundation Server Administrator.
Ability to run PowerShell scripts on the machine running the RAP as a Service Client. The Windows PowerShell execution policy must be set to
RemoteSigned or a policy that provides an equivalent ability to run local scripts — http://technet.microsoft.com/library/hh847748.aspx
NOTE: Usually the account used to install the Team Foundation Server environ-ment (often called TFSSetup) has these permissions. However, sometimes these permissions may have been revoked after the installation. Verification of permis-sions is still needed even if the account used during Team Foundation Installation is used.
WARNING: Failure to provide the required permissions can prevent collection of data needed for proper analysis.
WARNING: Do not use the “Run As” feature to start the client toolset as the dis-covery process and collectors might fail. The account starting the client toolset must logon to the local machine.
A Microsoft Account for each user account to logon to the Premier Proactive Assessment Services portal (https://services.premier.microsoft.com). This is the RAP as a Service portal where you will activate your access token, download the toolset and fill out the operational survey. This is also the URL that hosts the web service that coordinates the data submission
If you don’t have one, you can create one at http://login.live.com.
Contact your TAM if the token in your Welcome Email has expired or can no longer be activated. Tokens expire after ten days. Your TAM can provide new activation tokens for additional people.
3. Network and Remote Access
Ensure that the browser on the Tools machine or the machine from where you activate, download and submit data has JavaScript enabled. Follow the steps listed at How to enable scripting in your browser.
Internet Explorer is the recommended browser for a better experience with the portal. Ensure Internet Explorer Enhanced Security Configuration (ESC) is not blocking JavaScript on sites. A workaround would be to temporary disable Internet Explorer ESC when accessing the https://services.premier.microsoft.com portal.
Unrestricted network access from the Tools machine to all servers.
This means access through any firewalls and router ACLs that might belim-Internet connectivity is
needed in order to complete
this RAP as a Service offering
You will require access to the following sites and URLs:
For general use:
https://services.premier.microsoft.com
For token activation and authentication:
http://corp.sts.microsoft.com.
http://live.com
For data collection:
http://go.microsoft.com
For data submission
https://services.premier.microsoft.com
https://*.windows.net
https://ajax.aspnetcdn.com
Note: Some of these URLs cannot be opened using a web browser.
Review the article below for complete information regarding these URLs:
https://ppas.uservoice.com/
includes remote access to DCOM, Remote Registry service, Windows Management Instrumentation (WMI) services, and default administrative shares (C$, D$, IPC$).
Remote WMI access must be enabled on the analyzed servers. Note that this is by default on server OS but not on client OS which is often the case for build servers. See http://msdn.microsoft.com/en-us/library/windows/ desktop/aa393266(v=vs.85).aspx and http://msdn.microsoft.com/en-us/library/aa822854(VS.85).aspx for more information.
Firewall should not block WMI on the servers or anywhere in between – for example on the servers in Windows Firewall Advanced Configuration enable this Inbound rule for domain:
Windows Management Instrumentation (WMI-In)
Administrative shares (i.e. C$) need to be enabled on the analyzed servers for remote collection of files (configs, logs) from these servers. If this is not possible, then as a workaround the locations can be temporarily shared only to the account that is used to run the collection.
Ensure that the machine you use to collect data has complete TCP/UDP access, including RPC access to all servers. The tools computer should be able to resolve the TFS servers through DNS using the configured server names - should be inthe same domain or able to resolve other domain servers. As a workaround hosts file can be modified.
IIS Management Scripts and Tools feature must be installed on TFS Application Tier, TFS Proxy and SharePoint servers – this is necessary for collection and analysis of IIS logs.
The following services must be started on the target servers: WMI
Remote Registry service Server service
Workstation service
File and Printer Sharing service Automatic Updates service
Performance Logs and Alerts service
Configure the server firewall to ensure all servers running Windows Server 2008/R2 and higher have “Remote Event Log Management” enabled: RAP as a Service Client might be unable to collect event log information from a Windows Server 2008/R2 or higher SQL Servers hosts if “Remote Event Log Management” has not been allowed. When “Remote Manage-ment” is enabled, the rules that allow Remote Event Log Management are also enabled.
Connectivity Testing
Event Log: To test if the tool will be able to collect event log data from a Windows Server 2008 R2 server, you can try to connect to the Windows Server 2008/R2 server using eventvwr.msc. If you are able to connect, collecting event log data is possible. If the remote connection is unsuccessful you may need to enable the Windows built-in firewall to allow “Remote Event Log Management”.
Registry: Use regedit.exe to test remote registry connectivity to the target servers (File > Connect Network Regis-try).
Appendix A: RAP as a Service Client Targets Parameters
When running client toolset, you will be asked for some parameters to identify targets in your environment:
Only URL is a mandatory parameter but in some configurations you may need to provide a few more. When hovering over each input box you will get a description tooltip but more detailed description is provided in the following table:
URL URL of your TFS Instance for example http://tfsserver:8080/tfs. This is used to connect to your TFS and get information about the components that compose your environment - Application and Data Tier servers, SQL Instances and databases, Team Project Collections etc.
TFS Proxy servers TFS catalog usually does not contain information about TFS proxy servers. If you want to analyze some of your TFS proxy servers specify their names separated by semicolon.
TFS Reporting Services Servers
The only information TFS catalog contains regarding Reporting Services configuration is the URL. The discovery will try to find out the server by parsing this URL but if it does not work you may provide the server name(s) explicitly through this parameter.
TFS SharePoint Servers The only information TFS catalog contains regarding SharePoint configuration is the URL. The dis-covery will try to find out the server by parsing this url but if it does not work you may provide the server name(s) explicitly through this parameter.
Build Servers If you want to have some of your build servers assessed as well you can provide their names sepa-rated by semicolon here. You can use wildcard * for getting all of them automatically but remem-ber the overall numremem-ber of analyzed servers should not exceed the service limit see datasheet. Test Controller If you want to have some of your test servers assessed as well you can provide their names
collect-In the following table you can find the list of Advanced Options that you can use to impact the data collection process:
Examples:
Force collection of large IIS logs, analyze only 10 largest TPCs and include TFS BPA report:
IISLOSALL;TOPTPC:5;TFSBPA:\\ATServer\C$\Users\xuser\AppData\Roaming\Microsoft\TfsBpa\TfsBpa.20150101140021 9645.data.xml
Analyze only specific TPCs, run performance collection for 1 hour and scope only to TFS entities: TPC:DefaultCollection,Experimental,Engineering;PERF:60;SCOPETFS
IISLOGSALL IIS Logs are not collected if their size is more than 10 GB per server for the last 7 days and any analysis based on these logs are skipped. This limit can be removed by specifying this option. Note that transferring large files may impact the servers performance and network bandwidth. IISLOGSSKIP Specify this option if for any reason you want to avoid collecting IIS Logs but be aware that IIS Logs
analysis will not be performed.
TOPTPC:n By default only data for the top 50 (by size and activity) Team Project Collections and their data-bases are collected and analyzed. Moreover very small collections are skipped as well. If you want to change the limit you can provide any number in place of n. Note that analyzing large number of collections can collect large data.
TPC:<tpc1>,<tpc2> Similar to TOPTPC but instead of number of Team project Collections you provide list of names that should be analyzed. The names need to be separated by comma without spaces.
PERF:n By default we run performance monitoring for 4 hours. You should not change that for the first data collection that will be analyzed by Microsoft engineer but in future submissions you can specify shorter interval if you do not want to wait so long. These are allowed values for n: 0 - performance collection will be skipped completely.
10 - 10 minutes. Short performance collection just for sample analysis and reporting. 60 - 1 hour performance collection
TFSBPA:<path> If you use TFS Best Practices Analyzer from TFS Power Tools you can have your BPA report im-ported as well. This way BPA errors and warnings can be reviewed on the portal and will be in-cluded in the report.
The path must point to a valid and recent TFS BPA report accessible from the tools machine by the account running the tool. It can be a local or UNC path. Typically the report path is: C:\Users\<user>\AppData\Roaming\Microsoft\TfsBpa\TfsBpa.<timestamp>.data.xml
BPA gives you option to export it to another location, it can be copied to the tools machine etc.
SCOPETFS The tool’s discovery process can include non-TFS web sites, SQL Instances or even servers that can create some noise in the assessment. This option excludes these entities and focuses on analyzing only the real TFS entities. It is not recommended for some highly distributed environments spe-cifically SQL Server on Cluster or SQL Server AlwaysOn.
Appendix B: Data Collection Methods
RAP as a Service for Team Foundation Server uses multiple data collection methods to collect information. This section describes the methods used to collect data from a Team Foundation Server environment. Data collection uses workflows and collectors. The collectors are:
1. Registry Collectors 2. File Collectors 3. Event Log Collectors 4. Performance Collectors 5. SQL Collectors
6. Windows Management Instrumentation (WMI) Collectors 7. TFS Client Object Model Collectors
1. Registry Collectors
Registry keys and values are read from servers in scope of the RAP as a Service for Team Foundation Server. They include items such as :
TFS installation data from HKEY_LOCAL_MACHINE\Software\Microsoft\TeamFoundationServer\10.0 \InstalledComponents\Tools and HKEY_LOCAL_MACHINE\Software\Microsoft\TeamFoundationServer\11.0 \InstalledComponents\Tools
Windows Performance counters from
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\PerfLib
Debugger settings from HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug Operating System information from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
This allows to determine Operation System information such as Windows Server 2003, 2008 or 2012.
2. File Collectors
IIS logs. Note that IIS logs can be quite large thus impacting the duration of data collection and network
perfor-mance in addition to requiring sufficient free disk space on the Tools machine
IIS application host config file (ApplicationHost.config)
HTTP sys error log files (systemroot\System32\LogFiles\HTTPERR)
TFS release manifest file (ReleaseManifest.xml) under TFS installation directory
Various TFS config files such as TFSJobAgent.exe.config, web.config file for TFS web access, web.config file for TFS web services, and proxy.config file for TFS version control proxy.
4. Performance Collectors
Collects Key Performance Indicators from your Team Foundation environment. They include items such as: % Processor Time
Avg. Disk sec / Read TFS Work Item Tracking TFS Version Control TFS Services
TFS File Container Service
5. SQL Collectors
Database information from the SQL Servers in TFS environment. They collect data such as: Statistics about commands or requests processed and logged by TFS
Various statistics and data about work item tracking, version control, team build, and test management TFS registry settings
Table sizes, SQL lock and process information, file I/O, database backup information SharePoint and SQL Analysis Services version information
6. Windows Management Instrumentation (WMI) WMI is used to collect various information such as:
Disk configuration: WMI_Win32_Volume, WMI_Win32_LogicalDisk, WMI_Win32_LogicalDiskToPartition IIS application pool settings: IISApplicationPoolSettings
OS hotfix and TFS patching information: Win32_QuickFixEngineering, Win32_Product, Win32_PatchPackage
7. TFS Client Object Model Collectors
Custom collectors use the Team Foundation Server client object model SDK to gather various data from the TFS environment. Some of the data collected include:
Build data such as build definitions, build status, start, finish and duration times TFS job data such as jobs, their status, history
TFS security groups TFS event subscriptions
