Scripted Installation of SharePoint 2013 and Office Web Apps Server – From the Field (Part 4)
This is the fourth post in the scripted installation of SharePoint 2013 and Office Web Apps Server blog series, covering the installation, deployment and configuration of an Office Web Apps Server farm.
For the SharePoint farm topology, installation and provisioning of all required service applications, see posts one, two and three of this series.
- Farm Topology and Prerequisites
- SharePoint Installation, Configuration and Basic Service Applications Deployment
- User Profile, Search and Distributed Cache Service Applications Deployment
- Office Web Apps Server farm Implementation and Configuration
OWA Overview
Office Web Apps is the online companion to Office Word, Excel, PowerPoint, and OneNote applications. It enables users to view and edit documents through a browser by providing a representation of an Office document. A SharePoint 2013 farm can be configured to use the Office Web Apps Server farm and provide Office Web Apps functionality to users who create or open Office files from SharePoint libraries.
Office Web Apps (OWA) Server supports two primary installation scenarios: a single-server Office Web Apps Server farm, and a multi-server load-balanced Office Web Apps Server farm. For this blog series, continuing with the desire for high availability, OWA will be implemented in a two-server load-balanced mode, utilising the same hardware load balancing solution as the SharePoint web front end servers. The OWA traffic will be encrypted and the solution will be implemented over HTTPS. The OWA servers will not run any other server applications, including Exchange Server, SharePoint Server, Lync Server and SQL Server. In addition, no other services or roles that depend on the Web Server (IIS) role on port 80, 443 or 809 should be installed on the OWA servers, as OWA Server periodically removes web applications.
Prerequisites and Assumptions
- Ensure that ports 443 (HTTPS traffic), 80 (HTTP traffic) and 809 (private traffic between the servers that run Office Web Apps Server in the farm) are not blocked by firewalls on the two Office Web Apps Servers.
- All Office Web Apps servers have an additional drive to host data and log files.
- Copy the OWAScripts.zip to the E:\Install\scripts directory.
- Download and mount the OWA installation media ISO to drive D:\ on both servers.
- The two OWA servers have Windows Server 2012 installed and are called OWA1 and OWA2 respectively.
Request an Internal SSL Certificate
The internal URL used to provision the certificate is officeweb.sharepoint.company.com.
Ensure that the certificate meets the following requirements:
- The certificate must come from a trusted Certificate Authority (CA) and include the fully qualified domain name (FQDN) of the Office Web Apps Server farm in the SAN (Subject Alternative Name) field (if the FQDN is not in the SAN when you try to use the certificate, the browser will either show security warnings or won’t process the response).
- The certificate must have an exportable private key.
- The Friendly name field must be unique within the Trusted Root Certificate Authorities store (OfficeWeb).
- The FQDN in the SAN field must not begin with an asterisk (*).
- The certificate properties and extensions do not matter. Office Web Apps Server requires no particular certificate property or extension.
- The FQDN of the certificate resolves to the IP address assigned to the load balancer for the Office Web Apps Server farm.
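The requirements above can be checked before the certificate is handed over for deployment. The following is an added example, not part of the original post or its script package: the function name `Test-OwaCertificate` is hypothetical, the FQDN and friendly name are the ones quoted in this post, and the load balancer address is a placeholder.

```powershell
# Added example: checks a certificate in LocalMachine\My against the list above.
# The three values below are assumptions; the VIP is a documentation placeholder.
$FarmFqdn     = 'officeweb.sharepoint.company.com'
$FriendlyName = 'OfficeWeb'
$Vip          = '192.0.2.10'

function Test-OwaCertificate {
    param([string]$Fqdn, [string]$FriendlyName, [string]$Vip)

    $found = @(Get-ChildItem Cert:\LocalMachine\My |
               Where-Object { $_.FriendlyName -eq $FriendlyName })
    if ($found.Count -ne 1) {
        throw "Expected one certificate named '$FriendlyName' in LocalMachine\My, found $($found.Count)."
    }
    $cert = $found[0]

    # DnsNameList falls back to the subject when there is no SAN, so test for
    # the SAN extension (OID 2.5.29.17) explicitly.
    $hasSan   = [bool]($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' })
    $dnsNames = @($cert.DnsNameList | ForEach-Object { $_.Unicode })

    # Exportability is only readable this way for CSP-backed keys; $null means unknown.
    $exportable = $null
    try { $exportable = $cert.PrivateKey.CspKeyContainerInfo.Exportable } catch { }

    # At most one certificate in the Root store may carry this friendly name.
    $sameNameInRoot = @(Get-ChildItem Cert:\LocalMachine\Root |
                        Where-Object { $_.FriendlyName -eq $FriendlyName })
    $resolved = @([System.Net.Dns]::GetHostAddresses($Fqdn) |
                  ForEach-Object { $_.IPAddressToString })

    [pscustomobject]@{
        Thumbprint         = $cert.Thumbprint
        ChainTrusted       = $cert.Verify()   # builds the chain, including revocation
        FqdnInSan          = $hasSan -and ($dnsNames -contains $Fqdn)
        NoWildcardSan      = -not ($dnsNames | Where-Object { $_.StartsWith('*') })
        HasPrivateKey      = $cert.HasPrivateKey
        KeyExportable      = $exportable
        FriendlyNameUnique = $sameNameInRoot.Count -le 1
        ResolvesToVip      = $resolved -contains $Vip
    }
}

Test-OwaCertificate -Fqdn $FarmFqdn -FriendlyName $FriendlyName -Vip $Vip
```

Every property except `Thumbprint` should read `True`; `KeyExportable` stays empty when the key is held by a CNG provider.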
SSL offloading is set to off by default as part of the setup. When SSL is offloaded, each Office Web Apps Server in the farm communicates with the load balancer over HTTP, while all references to resources in the HTML remain HTTPS references. If offloading is not set and HTTP is used, users will not be able to see resources or they will see security warnings. When offloading is set to off, SSL terminates at the individual servers that run Office Web Apps Server instead of at the hardware load balancer.
In this deployment SSL will be terminated at the load balancer instead, because of the following advantages:
- Simplified certificate management
- Improved soft affinity
- Improved performance
Install Windows Roles and Features
Execute the following PowerShell script to install the required Windows components on both servers, followed by a server restart:
Import-Module ServerManager
Add-WindowsFeature Web-Server,Web-Mgmt-Tools,Web-Mgmt-Console,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Static-Content,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Security,Web-Filtering,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext45,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,InkandHandwritingServices
Install Office Web Apps Server
Launch the installation from the mounted ISO image on both servers and define the installation location as illustrated below:
Create the Office Web Apps Server Farm
Validate the following variables defined in the WAC_ConfigureOWAFarm.xml using the following table:
| Variable | Value | Description |
| --- | --- | --- |
| CacheLocation | E:\Program Files\Microsoft\OfficeWebApps\Working\d\ | Specifies the location of the global disk cache that is used to store rendered image files. The default location is %programdata%\Microsoft\OfficeWebApps\Working\d\. |
| CacheSizeInGB | 50 | Specifies the maximum size of the global disk cache in gigabytes. |
| CertificateName | <INSERT FRIENDLY NAME> | Specifies the friendly name of the certificate that Office Web Apps Server uses to create HTTPS bindings. In the production environment it is not a requirement to specify the CertificateName parameter, as the SSLOffloaded parameter is being used and the certificates are installed on the load balancer. |
| EditingEnabled | True | Enables support for editing in the browser. |
| InternalURL | https://officeweb.<FQDN> | Specifies the URL root that SharePoint uses to access the Office Web Apps Server farm. |
| LogLocation | E:\Program Files\Microsoft\OfficeWebApps\Data\Logs\ULS\ | Specifies the location on the local computer where activity logs are stored. |
| LogRetentionInDays | 30 | Specifies the number of days that log entries are stored. Log entries older than the configured date are trimmed. |
| MaxMemoryCacheSizeInMB | 5000 | Specifies, in megabytes, the maximum amount of memory that the rendering cache can use. |
| RenderingLocalCacheLocation | E:\Program Files\Microsoft\OfficeWebApps\Working\waccache | Specifies the location of the temporary cache for use by the Word and PowerPoint Viewing Services. |
| SSLOffloaded | True | Indicates to the servers in the Office Web Apps Server farm that SSL is offloaded to the load balancer. When SSLOffloaded is enabled, web applications are bound to port 80 (HTTP) on the local server. However, HTML that references other resources, such as CSS or images, uses HTTPS URLs for those references. |
Log in to the first OWA server (OWA1) and launch PowerShell as administrator. Execute the following commands to create the OWA farm:
Set-ExecutionPolicy Unrestricted -Force
E:\Install\scripts\WAC_ConfigureOWAFarm.ps1 -configLocation E:\Install\scripts\WAC_ConfigureOWAFarm.xml
Join Server to the Office Web Apps Farm
Log in to the second OWA server (OWA2) and launch PowerShell as administrator. Execute the following commands to join the server to the farm:
Set-ExecutionPolicy Unrestricted -Force
Import-Module OfficeWebApps
New-OfficeWebAppsMachine -MachineToJoin OWA1.<FQDN> -Confirm:$false
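Once both servers have joined, the farm settings can be compared with the table above. This is an added example, not part of the original post or of WAC_ConfigureOWAFarm.ps1: `Test-OwaFarmConfig` is a hypothetical helper name, the expected values are copied from the table, and the machine names are the ones used in this post.

```powershell
# Added example: run on OWA1 or OWA2 after the second server has joined.
Import-Module OfficeWebApps

# Expected values copied from the table in this post.
$expected = @{
    SSLOffloaded                = $true
    EditingEnabled              = $true
    CacheSizeInGB               = 50
    LogRetentionInDays          = 30
    MaxMemoryCacheSizeInMB      = 5000
    CacheLocation               = 'E:\Program Files\Microsoft\OfficeWebApps\Working\d\'
    LogLocation                 = 'E:\Program Files\Microsoft\OfficeWebApps\Data\Logs\ULS\'
    RenderingLocalCacheLocation = 'E:\Program Files\Microsoft\OfficeWebApps\Working\waccache'
}

function Test-OwaFarmConfig {
    param([hashtable]$Expected, [string[]]$ExpectedMachines = @('OWA1', 'OWA2'))

    $farm   = Get-OfficeWebAppsFarm
    $issues = @()

    foreach ($name in $Expected.Keys) {
        # Compare as strings so Boolean, integer and path values are handled alike.
        if ("$($farm.$name)" -ne "$($Expected[$name])") {
            $issues += "$name is '$($farm.$name)', expected '$($Expected[$name])'"
        }
    }

    # Clients and SharePoint reach the farm through the load balancer over HTTPS.
    if ("$($farm.InternalURL)" -notlike 'https://*') {
        $issues += "InternalURL is not HTTPS: $($farm.InternalURL)"
    }
    # The configuration in this post relies on SSLOffloaded only, not AllowHTTP.
    if ($farm.AllowHTTP) { $issues += 'AllowHTTP is enabled on the farm' }

    # Both servers must be listed as farm members.
    $joined = @($farm.Machines | ForEach-Object { $_.MachineName })
    foreach ($m in $ExpectedMachines) {
        if (-not ($joined -like "$m*")) { $issues += "$m has not joined the farm" }
    }
    $issues
}

Test-OwaFarmConfig -Expected $expected
```

An empty result means the farm matches the table; each returned string names one setting to correct.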
Create SharePoint Binding
Log in to the SharePoint application server hosting the Central Administration site and launch the SharePoint Management Shell as administrator. Execute the following commands to start consuming the WAC service:
$WACServer = "officeweb.<FQDN>"
$WOPIZone = "internal-https"
#Configure SP Farm to OWA Farm
New-SPWOPIBinding -ServerName $WACServer
#Set the WOPI Zone
Set-SPWOPIZone -zone $WOPIZone
Get-SPWopiZone
#Allow OAuth over HTTP in the SharePoint security token service configuration
$config = (Get-SPSecurityTokenServiceConfig)
$config.AllowOAuthOverHttp = $true
$config.Update()
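The binding commands above change three things on the SharePoint side: the WOPI bindings, the WOPI zone and the AllowOAuthOverHttp setting. The following added example, which is not part of the original post, reports all three together with any incoming URLs still served over plain HTTP; `Get-WopiBindingAudit` is a hypothetical helper name and `officeweb.<FQDN>` is the placeholder used in this post.

```powershell
# Added example: run in the SharePoint Management Shell after creating the binding.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-WopiBindingAudit {
    param([string]$ExpectedServer, [string]$ExpectedZone = 'internal-https')

    $bindings = @(Get-SPWOPIBinding)

    # Bindings that point at a host other than the load-balanced farm name.
    $otherServer = @($bindings | Where-Object { $_.ServerName -ne $ExpectedServer })

    # Bindings registered for an HTTP zone (internal-http or external-http).
    $httpZone = @($bindings | Where-Object { $_.WopiZone -like '*-http' })

    # Incoming URLs served over plain HTTP. With AllowOAuthOverHttp set to
    # $true, OAuth tokens are accepted on these URLs without transport encryption.
    $httpUrls = @(Get-SPAlternateURL |
                  Where-Object { $_.IncomingUrl -like 'http://*' } |
                  ForEach-Object { $_.IncomingUrl })

    [pscustomobject]@{
        BindingCount          = $bindings.Count
        ActiveZone            = Get-SPWOPIZone
        ZoneMatches           = (Get-SPWOPIZone) -eq $ExpectedZone
        BindingsOnOtherServer = $otherServer.Count
        BindingsInHttpZones   = $httpZone.Count
        AllowOAuthOverHttp    = (Get-SPSecurityTokenServiceConfig).AllowOAuthOverHttp
        HttpIncomingUrls      = $httpUrls
    }
}

# Replace the placeholder with the farm name used for New-SPWOPIBinding.
Get-WopiBindingAudit -ExpectedServer 'officeweb.<FQDN>'
```

When `HttpIncomingUrls` is empty and `BindingsInHttpZones` is 0, every path between SharePoint, the load balancer and users is HTTPS, and the `AllowOAuthOverHttp` value shown is the remaining HTTP allowance to review.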
Comments
Anonymous
September 16, 2013
Thank you for this helpful Post! http://www.desertedroad.com
Anonymous
September 17, 2013
#Configure SP Farm to OWA Farm New-SPWOPIBinding -ServerName $WACServer Why $WACServer and not the WACfarm?
Anonymous
October 15, 2013
Do you specify the service accounts of OWA manually as part of the IIS configuration after the installation?
Anonymous
October 21, 2013
SharePoint 2013 and Office Web Apps is quite a new thing in the market. People are not aware of its various features and its installation process. The above blog about its Scripted Installation is valuable for every individual and one should really go through the same to attain a good knowledge of the related aspect. The discussed apps are very reasonable and affordable to the various individuals.
Anonymous
October 22, 2013
@Erik - in this situation the expectation is that the OWA farm is load balanced and we are pointing the binding to the URL that resolves to the VIP of this load balancer. The variable terminology used can be changed if you want to make it more descriptive. @Marc - The service accounts are used to run the above scripts on the OWA farm.
Anonymous
December 08, 2013
Thanks for nice blog and informative steps!!
Anonymous
April 07, 2014
I have SSL offloading. When creating the SharePoint binding, I had to use the AllowHTTP switch, otherwise New-SPWOPIBinding complains with the following: New-SPWOPIBinding : Sorry, we have encountered an error and New-SPWOPIBinding has failed. If you are using a server configured with HTTP, you must include the -AllowHTTP parameter. Should I have the AllowHTTP switch? If no, what could be wrong? Thanks