Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Advanced Panelboxes for Confluence
namegrey
titleExercise Overview:

Table of Contents
maxLevel3
minLevel2
indent20px
excludeSummary|On this page|In this section...
separatornewline

Installing Shopping

In this lab, you will install all Shopping Central components on the 1ETRNAP server along with the Shopping Receiver on the 1ETRNCM server. In addition, the Shopping agent will be installed on all PCs using ConfigMgr.

Prepare the environment

In this exercise, you will prepare the lab environment with the necessary configuration and components required by Shopping.

1ebest practice

Always refer to the latest product documentation (http://help.1e.com) for details of pre-requisites and system requirements for the version of Shopping you are installing.

Understanding Shopping Users and Groups

Several components of Shopping are run with the identity of either a defined user account or a special system account (such as Network Service). Beyond the accounts used by the system, there are also roles within Shopping that define the level of access that users of the system have. These roles are assigned to AD security groups and users are added into these groups to assign them the associated role. In this task, you will review the accounts and groups that need to be created or designated for Shopping.

Installer Accounts

...

Console Node

Full Shopping DB Access group

Limited Shopping DB Access group

SMS/ConfigMgr DB Access group

Sites

P

 

P

Approvers

P

P

 

User Categories

P

P

 

Computer Categories

P

P

 

Applications

P

 

P

Settings

P

 

 

Node Security

P

 

 

Event Log

P

P

 

Ensure users and groups have email AD attribute set

Shopping uses email as the primary notification method. It is therefore important that all users that interact with Shopping, as well as some of the special accounts and groups identified in the previous task, have a valid email address defined in Active Directory.

...

1eolstart
startat65


1eli
Log on to 1ETRNDC as 1ETRN\Administrator and start Active Directory Users and Computers


1eli
Review the following users and groups and ensure they have the specified email address defined in the General Properties tab


User or Group

Email address

svc_ShoppingCentral

SVC_ShoppingCentral@1etrn.local

Shopping_Admins (group)

shopping_admins@1etrn.local

Shopping_LicenseManagers (group)

Shopping_LicenseManagers@1etrn.local

Manager1

manager1@1etrn.local

Manager2

manager2@1etrn.local

User

user@1etrn.local

Finance Director

FinanceDirector@1etrn.local


1ebest practice

As Shopping is used by most users throughout an organization, it is good practice to use an easily remembered DNS alias for the Shopping Central Web Server. This alias is then defined as the Host Header for the Shopping web site in IIS. This not only makes it easier for users to remember the site name, but also allows the web site to be moved to a different server in the future if required.


Create a DNS Alias

1evirtualmachine

1ETRNDC


1eolstart
startat67


1ehot tip

In this lab environment, the chosen DNS alias is APPSTORE.


1eli
Log into 1ETRNDC as 1ETRN\Administrator


1eli
On 1ETRNDC select DNS from the Start page


1eli
In DNS manager, expand 1ETRNDC > Forward Lookup Zones and select 1ETRN.LOCAL


1eli
Select the Action menu and select New Alias (CNAME)…


1eli
In the Alias name field, type APPSTORE


1eli
Click the Browse… button next to Fully qualified domain name (FQDN) for target host, browse to 1ETRNDC > Forward Lookup Zones > 1ETRN.LOCAL, select 1ETRNAP. The new Resource Record dialog should look like the figure below. Click OK

1eli
Select OK to complete the New Resource Record wizard


1eli
From a command prompt, ping appstore. Ensure it returns 10.0.0.4(1ETRNAP)


Review Windows Features, Roles and Role Services

1ETRNAP has IIS configured as required to support ActiveEfficiency up to this point in the lab exercises. The Shopping Central Server components will also be installed on 1ETRNAP and has an additional role service that is required.

...

1eolstart
startat75


1ehot tip

In most production environments, Active Efficiency and Shopping would not be hosted on a single server. This configuration is suitable for small lab environments.


1eli
Open Server Manager on 1ETRNAP


1eli
Select Add roles and features in the Configure this local server section of the Dashboard page


1eli
Click Next on the Before You Begin page


1eli
Click Next on the InstallationType page


1eli
Click Next on the Server Selection page


1eli
In the list of roles on the Server Roles page, scroll down and expand Web Server (IIS) and then Web Server


1eli
Expand Common HTTP Features and select HTTP Redirection and click Next


1eli
Click Next on the Features page


1eli
Click Install on the Confirmation page and close the wizard when complete


1eli
Close Server Manager


Create Service Principal Name (SPN)

The Shopping Website Application feature creates the Shopping Application Pools in IIS that use the NETWORK SERVICE identity. Connection to the web application is made through an HTTP service class request on the DNS address of the host. However, because the Shopping web site is not part of the default web site, it requires a separate Host Header and corresponding DNS alias to distinguish it from the Default Web Site on the same server. 

...

1eolstart
startat85


1eli
Log on to 1ETRNDC as 1ETRN\Administrator


1ehot tip

The 1ETRN\Administrator account is the Domain Admin account. Service Principal Names are attributes of the security principal in AD, so it doesn't actually matter which computer you perform this task on, as long as the user you are logged on as has full permissions on the security principal (in this case the 1ETRNAP computer account) that you are trying to update.


1eli
Open a command prompt and type the following command. This will list all Service Principal Names currently held by the 1ETRNAP computer


Code Block
SETSPN -L 1ETRNAP


1eli
The results should appear as below. Note that SPNs have already been defined for …..

1eli
To add an SPN to 1ETRNAP for the DNS name APPSTORE , run the following commands


Code Block
SETSPN -S HTTP/APPSTORE 1ETRNAP


Code Block
SETSPN -S HTTP/APPSTORE.1ETRN.LOCAL 1ETRNAP


1ehot tip

Setting SPNs for both APPSTORE and APPSTORE.1ETRN.LOCAL allow connections using either the host name or the FQDN.


1eli
To verify the update, run the following command again


Code Block
SETSPN -L 1ETRNAP


1eli
The results should now include the SPNs for the APPSTORE DNS address

1ehot tip

If the NETWORK SERVICE identity of the Shopping Application Pools is replaced with a domain user account, the SPN must be added to that user object rather than the computer account of the Shopping web site, e.g. SETSPN -S HTTP/APPSTORE <domain>\<user>


Create ConfigMgr Administrative User for the Shopping Central Service

One of the features of Shopping, OS Filtering, provides the ability to filter the applications presented to users based on operating system criteria such as Operating System Version (Windows 7 vs. Windows 10) or Operating System Architecture (32-bit vs. 64-bit). If an application installation will fail because of operating system related prerequisites, it doesn't make sense to display these applications to users in the Shopping portal.

...

1eolstart
startat91


1eli
Log into 1ETRNCM as 1ETRN\SCCMAdmin. Launch the SkyTap Shared Drive shortcut on the desktop and navigate to 1ESHO04-55 Course Content\MiscFiles from the desktop and copy the 1E Shopping Central Service Security Role.xml file to C:\Temp


1ewarning

Ensure the right XML file is being copied, there are two in the folder, we will use the second one during the Shopping Receiver installation.


1eli
Launch the ConfigMgr console. In the Administration workspace of the ConfigMgr console, expand Security and select Security Roles


1eli
Right-click on Security Roles and choose Import Security Roles


1eli
Browse to C:\Temp and double-click on the 1E Shopping Central Service Security Role.xml file and observe that 1E Shopping Central Service now appears in the list of Security Roles


1ehot tip

The 1E Shopping Central Service Security Role was created using the same permissions that are granted to the Read-only Analyst Security Role. The Shopping Central Service does not have rights to make any changes to ConfigMgr – only to read information.


1eli
Right-click on Administrative Users in the Administration pane and select Add User or Group


1eli
Click on the Browse… button and enter svc_ShoppingCentral as the object name and click Check Names


1eli
Click OK when the name resolves


1eli
In the Assigned security roles section, click the Add… button


1eli
Select 1E Shopping Central Service and click OK


1eli
Click OK to close the Add User or Group dialog box


1ehot tip

By adding the Shopping Central Service account as an Administrative User in the ConfigMgr console, it also adds the account to the local SMS Admins group that has access to WMI remotely.


Add Receiver Service Account to local Administrators on all workstations

As you learned in the Exercise Prepare the environment (Shopping Receiver Service account ) the Shopping Receiver account requires local admin rights on client workstations in order to support the Policy Refresh and Reshopping features. The best way to configure local administrative rights for the Shopping Receiver service account / group is to add the account to the local Administrators group on workstations using Group Policy (Restricted Groups).

...

1eolstart
startat101


1eli
On 1ETRNDC, start Active Directory Users and Computers from the Start menu


1eli
Locate the svc_ShoppingReceiver account in the Users container and double-click it to open the svc_ShoppingReceiver Properties


1eli
Select the Member Of tab, click Add…, enter Workstation Admins and click OK


1eli
Click OK to close the svc_ShoppingReceiver Properties dialog box, then close Active Directory Users and Computers


Install Shopping Central

In this exercise, you will install all Shopping Central components onto 1ETRNAP.

Install Shopping Central on Application Server

1evirtualmachine

1ETRNAP 


1eolstart
startat105


1eli
On 1ETRNAP and log in as 1ETRN\AppInstaller. Launch the SkyTap Shared Drive shortcut on the desktop and navigate to 1ESHO04-55\Shopping.v5.5.0.397 and copy ShoppingCentral.msi to C:\Temp


1eli
Start a command prompt (Run as administrator) and switch to the C:\Temp directory


1eli
Run the following command to start the installation wizard


Code Block
msiexec.exe /i ShoppingCentral.msi /l*v ShoppingCentral-Install.log


1eli
On the Welcome page click Next


1eli
On the Shopping Prerequisite page, ensure all the checks passed and click Next


1eli
Accept the license agreement and click Next


1eli
On the Installation Type page, select Complete Install and click Next


1eli
On the Customer Information page, input an Organization name. Copy and paste the license key from 1ESHO04-55 Course Content\License.txt by launching the SkyTap Shared Drive shortcut on the desktop and navigate tinto the Shopping License Key: field and click Next


1ehot tip

WSA is out of scope for this course, so we will leave that blank.


1eli
On the Custom Setup page, ensure all features are selected for installation and click Next


1eli
On the Database Server page, leave the server as (local) and the Database Name as Shopping2 and click Next


1eli
On the 1E ActiveEfficiency Server page, enter 1ETRNAP as the name of the ActiveEfficiency Server and click Next


1eli
On the Active Directory Integration page, type 1ETRN.LOCAL and click Next


1ehot tip

This can be either the name of a domain controller or the fully qualified domain name.


1eli
On the Service Account page, in the User name field, type 1ETRN\svc_ShoppingCentral and in the Password field, type Passw0rd


1eli
In the field for the receiver service account, type 1ETRN\svc_ShoppingReceiver and click Next


1ehot tip

The Shopping Receiver service connects to the Shopping Central Web Site using HTTP. The Shopping Central installer checks that this is a valid account (or group) during installation of Shopping Central.


1ebest practice

The recommended approach in production environments is to add the Receiver service account to an AD group and specify the group rather than the actual account. This allows for future changes to the Receiver service account, adding the new account into the defined group rather than having to reconfigure Shopping.


1eli
On the Exchange or SMTP Server page, type 1ETRNDC.1ETRN.LOCAL and click Next


1ehot tip

For this lab, a simple SMTP application has been installed on 1ETRNDC to enable the sending of email via Shopping. In a production environment, this should be the fully qualified domain name of the SMTP server where Shopping will send emails.


1eli
On the SMS / System Center Configuration Manager Integration page, enter the name of the Principal ConfigMgr site server, in this case 1ETRNCM.1ETRN.LOCAL and click Next


1ehot tip

The Principal ConfigMgr site is the site where the Packages to be offered through Shopping are defined. This is typically the Central site in ConfigMgr 2007 and the CAS (if installed) in ConfigMgr 2012. However, if you are using ConfigMgr 2007 and have Packages defined on primary sites below the Central site (e.g. on Regional Primary Sites), Shopping Central may need to be configured to use this site. In these scenarios, it is often necessary to create multiple Shopping environments – one for each Regional primary site.


1eli
On the Admin Console Node Security page, enter the following information and click Next


1eimplementationicontable

Full Shopping DB Admin Access:        1ETRN\ShoppingConsole_Admins
Limited Shopping DB Admin Access:  1ETRN\ShoppingConsole_Users
SMS / ConfigMgr Access:                    1ETRN\ShoppingConsole_SMSUsers


1ehot tip

Refer to the Database Access groups information for details of these groups


1eli
On the Shopping Management Accounts page, enter the following information and click Next


1eimplementationicontable

Admin account:                  1ETRN\Shopping_Admins
Reports access account:     1ETRN\Shopping_ReportViewers
License manager account: 1ETRN\Shopping_LicenseManagers


1ehot tip

Refer to the Management Accounts and Groups section for more details of these groups.


1eli
On the Website Configuration page, in the Host Header field, type APPSTORE and click Next


1ewarning

If a non-standard port is used, the Shopping URL will need to have the port appended to the end. e.g. If port 8081 is used, then the host header for this example would be http://appstore:8081.


1eli
On the Shopping URL prefix page, ensure that http://appstore is displayed and click Next


1eli
On the Ready to Install the Program page, click Install


1eli
Click Finish to close the setup wizard once complete


Review the installation

In this task, you will observe the changes made by the Shopping Central installer.

...

1eolstart
startat127


1eli
Open Windows Explorer and browse to C:\Program Files (x86)\1E\Shopping. Note the following subfolders:


Folder

Description

AdminConsole

This is the Shopping Administrator Console

CentralService

This is the Shopping Central Service and includes workflow integration components for integration with 3rd party systems

Database

This folder contains all the binary files used to configure the Shopping SQL database. Using compiled code to manage the SQL configuration enables Shopping to be easily patched using Windows Installer patches (MSP).

Website

This folder contains the Shopping website and Shopping API components


1eli
From the Start screen start Internet Information Services (IIS) Manager, expand 1ETRNAP > Sites and observe the Shopping website


1eli
Select Application Pools (just above Sites) and note that there are two application pools for Shopping (Shopping Pool and ShoppingAPI Pool) and that they are configured to run with the identity of NETWORK SERVICE


1eli
Start the Registry Editor (from the Start screen, start typing regedit and click regedit.exe when it appears in the search results) then navigate to HKLM\Software\1E\ShoppingCentral. Note that this only contains licensing information which is hashed


1eli
In the Registry Editor, navigate to HKLM\Software\Wow6432Node\1E\ShoppingCentral. Note that this contains basic information regarding the installation


1eli
Open the Services console (from the Start screen) and identify the 1E Shopping Central service. Ensure this service is running


1eli
Open Microsoft SQL Server Management Studio (from the Start screen) and expand the Shopping2 database. Note that the installer has created objects (tables, views, stored procedures etc)


1eli
In the Security node of the Shopping2 database, navigate to Roles > Database Roles and note that the db_ShoppingConsoleAdmin and db_ShoppingConsoleUser roles have been created by the Database feature installation. View the properties of both and note that the group ShoppingConsole_Admins is added to the ShoppingConsoleAdmin role and that ShoppingConsole_Users is added to the ShoppingConsoleUser role


1eli
Browse to C:\ProgramData\1E\ShoppingCentral. This is where you will find the ShoppingCentral diagnostic log. Double-click ShoppingCentral.log to open it. Review the log entries focussing on service startup tasks


1eli
From the Start screen, start typing Shopping. When Shopping Administration appears in the search results, right-click it and select Pin to Taskbar (you'll be using this a lot, so let's make it easy to get to)


1eli
Now click Shopping Administration on the Start screen. Ensure that the Shopping Admin Console opens without errors and note the different nodes available in the left-hand pane. We'll come on to each of these throughout this course


1eli
Open Internet Explorer (from the Start screen) and go to http://appstore/shopping


1eli
Ensure the Shopping web page opens successfully. There won't be much of interest on it currently, but the Home page should load without errors


Configure HTTP Redirection

Now, the URL to connect to Shopping is http://appstore/shopping. HTTP Redirection (a Web Server (IIS) Role Service - see earlier task) can be used to simplify this to http://appstore.

...

1eolstart
startat140


1eli
Open Internet Information Services (IIS) Manager and select the Shopping web site


1eli
In the main center pane with all the icons, double-click the HTTP Redirect icon in the IIS section (you may need to scroll down to see it)


1eli
Check the Redirect requests to this destination option and enter ../shopping


1eli
Check the Only redirect requests to content in this directory (not subdirectories) option


1ewarning

By default, IIS will apply the redirection to all sub-sites (/Shopping and /ShoppingAPI in this case). This would cause any attempts to load the page to enter an infinite loop as /Shopping would redirect to itself! In some cases, even if this option is selected, you may find the subdirectories still have the redirection applied. To be sure, check the HTTP Redirect settings on the /Shopping and /ShoppingAPI subdirectories and ensure redirection is DISABLED on these.


1eli
Click Apply (in the Actions list on the right)


1eli
Open Internet Explorer (if the Shopping site is already open, close and reopen the browser) and browse to http://appstore to confirm the redirection is working and the shorter URL can be used


Increase Shopping Central logging level

In order to use the Central Service log file to monitor processes throughout this course, you will now increase the level of detail that is written to the ShoppingCentral log.

...

1eolstart
startat146


1eli
On 1ETRNAP browse to C:\Program Files (x86)\1E\Shopping\CentralService


1eli
Make a backup copy of ShoppingCentral.exe.config


1ewarning

The lab environment has been modified so that file extensions are displayed, but this may not be the case in many production environments. In the default Windows Explorer view (with file extensions hidden), ShoppingCentral.exe.config will appear as ShoppingCentral.exe, and ShoppingCentral.exe appears as ShoppingCentral.


1eli
Right-click on ShoppingCentral.exe.config and select Edit to open the file in Notepad


1eli
Search for the text <level value="INFO"/> in the <log4net> section of the file


1eli
Replace the word INFO with ALL and save the file


1ehot tip

If the ShoppingCentral service fails to start, an error was made when editing the file.


Reduce the Cache Duration for user access to the portal

When a user launches the Shopping portal from a given computer for the first time, Shopping will evaluate the applications that are available to the user based on the User Categories associated with that the user and Computer Categories associated with that the computer. Rather than performing this evaluation every time the user logs on to the Shopping portal, the information is cached, along with the last logon time for that particular user and computer combination. If the Shopping portal is launched within 15 minutes of the last time the user launched Shopping from the same computer, the available applications will reflect whatever was cached at that earlier time.
As we will be making many changes to categories throughout this course, we do not want to be waiting around for up to 15 minutes before we see the effect of these. In this task, you will reduce this duration down to 1 minute to make things move a bit faster.

...

1eolstart
startat151


1eli
Open Microsoft SQL Server Management Studio, select the Shopping2 database and click New Query in the toolbar


1eli
Enter the following query and click !Execute in the toolbar. You should see (1 row(s) affected) in the Messages tab


Code Block
Update tb_Preference set PreferenceValue=1 where PreferenceName='Cache Duration'


1ehot tip

The tb_Preference table stores all the settings that you see in the Settings node in the console. Cache Duration is defined as a hidden setting so it can only be changed directly in the database.


1eli
Restart the 1E Shopping Central service for the logging info and cache duration changes to take effect


1eli
If the ShoppingCentral service fails to start, an error was made when editing the config file


Install the Shopping Receiver

In this exercise, you will install the Shopping Receiver Installer components onto 1ETRNCM.

Create Shopping Receiver security role in ConfigMgr

The Shopping Receiver service account requires the ConfigMgr permissions defined on page . 1E provide an XML file that can be imported to create a ConfigMgr Security Role with all the required permissions. In this task, you will import the security role definition and then add the Shopping Receiver service account to the new role.

...

1eolstart
startat155


1eli
Log on to 1ETRNCM as 1ETRN\SCCMAdmin


1eli
Launch the SkyTap Shared Drive shortcut on the desktop and navigate to 1ESHO04-55 Course Content\MiscFiles and copy 1E Shopping Receivers Security Role.xml to C:\Temp


1eli
Open the Configuration Manager Console from the Start screen


1eli
Select the Administration workspace and expand the Security node


1eli
Right-click Security Roles and select Import Security Role


1eli
In the Import Security Role dialog box browse to C:\Temp\1E Shopping Receivers Security Role.xml and click Open


1eli
Right-click the Administrative Users node and select Add User or Group


1eli
In the Add User or Group dialog box, click Browse… then enter svc_ShoppingReceiver and click OK


1eli
Click the Add… button to the right of the Assigned security roles list, select 1E Shopping Receivers from the list of roles and click OK


1ewarning

Do not get the receiver and central roles/users mixed up!


1eli
Click OK to close the Add User or Group


Install the Shopping Receiver on ConfigMgr Primary Site

In this task, you will install the Shopping Receiver Service on the ConfigMgr Primary site server.

...

1eolstart
startat165


1eli
Launch the SkyTap Shared Drive shortcut on the desktop and navigate to 1ESHO04-55 Course Content\Shopping.v5.5.0.397 and copy ShoppingReceiver.msi to C:\Temp


1eli
Start a command prompt (run as administrator) and switch to the C:\Temp directory


1eli
Type the following to start the Shopping Receiver install wizard


Code Block
msiexec.exe /i ShoppingReceiver.msi /l*v ShoppingReceiver-Install.log


1eli
On the Welcome page click Next


1eli
Accept the license agreement and click Next


1eli
On the Destination Folder page, click Next


1eli
On the Register Service Account page, select This Account and in the user name field, type 1ETRN\svc_ShoppingReceiver and in the password field type Passw0rd, then click Next


1eli
On the Policy Refresh page, ensure Native is selected and set the Policy Refresh delay to 30 seconds then click Next


1ehot tip

Policy refresh triggers the ConfigMgr agent to perform a 'Machine Policy Retrieval & Evaluation Cycle' to accelerate the delivery of the deployed program or application. With policy refresh enabled, Shopping is able to deliver applications immediately after the approval process has been completed. Policy Refresh can be invoked directly via the Shopping Receiver (native) or by integration with 1E WakeUp. The Policy refresh delay allows ConfigMgr to process the Collection update and policy assignment before getting the client to check for the new policy. While 10 seconds is usually sufficient time, in this lab we increase the delay to 30 seconds to allow for performance of the virtual ConfigMgr server.


1eli
On the Shopping URL Prefix page, type http://appstore and click Next


1eli
On the Default Advanced Client Flags page, select Default and click Next


1ehot tip

The Receiver installer allows you to enter default settings that will be used when it creates a Deployment in ConfigMgr. These settings are especially useful if integrating Shopping with 1E Nomad. The following options are available:

Default – Uses the default deployment options for ConfigMgr.
Always download from DP – The package is always downloaded from the distribution point. This should be used when integrating with 1E Nomad.
Always run from DP –The package is always run from the distribution point (only applicable to legacy Packages).


1eli
On the Ready to Install the Program page, click Install. When the installation completes, close the setup wizard


Review the installation

In this task, you will review the effects of the Shopping Receiver installation.

...

1eolstart
startat176


1eli
Run regedit.exe and navigate to HKLM\Software\Wow6432Node\1E\Shopping.Receiver.v5.5.0. Note that this contains basic information regarding the installation


1eli
Open the Services console from the Start menu and identify the 1E Shopping Receiver+5.5.0 service


1eli
Browse to C:\ProgramData\1E\Shopping.Receiver\v5.5.0. This is where you will find the Shopping Receiver diagnostic log. Double-click Shopping.Receiver.log to open it in CM Trace and ensure the Shopping Receiver service started successfully without any errors


1eli
Browse to C:\Program Files (x86)\1E\Shopping\Shopping.Receiver.v5.5.0. This folder contains the Shopping Receiver binaries that interact with ConfigMgr


1eli
Double-click Shopping.Receiver.exe.config to open it in Notepad and observe the configurable settings for the Shopping Receiver service in the <appSettings> section. Many of these settings were specified in the Install wizard


1eli
Search for level value="Info"


1eli
Change the Info to All


1eli
Save the file


1ehot tip

Leave this file open, we'll be returning to it to make a configuration change in the next task.


1eli
Open SQL Server Management Studio and navigate to Databases > CM_PS1 > Security > Users


1eli
Double-click the 1ETRN\svc_ShoppingReceiver user (this user was added to the ConfigMgr database by the Shopping Receiver installation) to view its properties


1eli
In the Database User – 1ETRN\svc_ShoppingReceiver dialog box, select the Membership page on the left and observe that this user has been assigned only the db_datareader role on the ConfigMgr database


1eli
In the Database User – 1ETRN\svc_ShoppingReceiver dialog box, select the Securables page. Note that the user has been granted Execute permissions on the fn_GetAppState and fn_GetSiteNumber scalar functions


1eli
Click OK to close the user properties dialog box


1ediscussion point

You may have observed that the Shopping Receiver folders, service and registry keys all include the version number in their name. This is to allow side-by-side upgrade from previous versions where a new instance of Shopping Central is being implemented alongside an existing instance of an earlier version.


Configure the Default Limiting Collection

The Shopping Receiver is responsible for creating ConfigMgr objects (collections and deployments) and placing computers and users into appropriate collections to allow software to be deployed. By default, the Limiting Collections for all the collections created by the Shopping Receiver is 'All Systems' and 'All Users and User Groups'. In many environments, this is not a desired configuration.
In this task, we will modify the default limiting collection for computer collections.

...

1eolstart
startat189


1eli
Return to the Shopping.Receiver.exe.config file


1eli
Locate the <appSettings> section and observe the values in RootDeviceCollectionId and RootDeviceCollectionName


1eli
Replace the RootDeviceCollectionId value with PS10000B


1ewarning

Be sure to input the collection name and ID exactly as they are in the console. The ID is with 4 zeros. If these values are not inputted correctly, the Shopping Receiver will fail to create objects in ConfigMgr.


1eli
Replace the RootDeviceCollectionName value with Lab Workstations


1eli
Save and close the file


1eli
Restart the 1E Shopping Receiver+ 5.5.0 service


1ehot tip

All collections created by the Shopping Receiver will now use Lab Workstations as the limiting collection. This methodology can be used to prevent certain machines (servers for example) from getting software inadvertently deployed to them by not allowing them to be members of the Shopping deployment collections


Deploy the Tachyon agent

Previous versions of Shopping used the Shopping Agent to enable the Shopping website to retrieve information about the user's PC. In an effort to reduce the number of agents customers need to deploy, 1E is in the process of combining existing agent functionality into a single agent, which happens to be the Tachyon Agent. With Shopping 5.5, the functionality of the Shopping Agent and the new Windows Servicing Assistant (WSA) functionality has been implemented as a module of the 1E Tachyon Agent v3.2. The Tachyon Agent v3.2 must be installed on all PCs from which users will access the Shopping portal. This integration requires specific client machine identification so that Configuration Manager knows the correct client deployment target. 

In this exercise, we will use the 1E Agent Endpoint Installation Solution Accelerator to create the ConfigMgr deployment objects and deploy the Tachyon Agent to all ConfigMgr clients.

Prepare to Deploy the Tachyon Agent

1evirtualmachine

1ETRNCM


1eolstart
startat195


1eli
Launch the SkyTap Shared Drive shortcut on the desktop and navigate to 1ETools and copy the contents of EndpointInstallation.1.2.1.6 folder to C:\Temp\EndpointInstallation.v1.2.1.6 (you may need to create the folder in Temp)


1eli
Browse to the C:\Temp\EndpointInstallation.v1.2.1.6 folder and double-click on EndpointInstallation.exe to launch the wizard


1ehot tip

You might have to change the resolution of the remote computer session to fit the wizard to the screen depending on the size of your display.


1eli
On the Welcome page, click Next to continue


1eli
Accept the license terms on the License Terms page and click Next


1eli
On the ConfigMgr Connection page, with Local ConfigMgr Site Server selected, click Connect. When the status changes to Connected, click Next


1eli
On the General Settings page, note that the fields are pre-populated with information that is appropriate for the lab environment. Click Next


1eli
On the Agent Selection page, deselect all items except Tachyon 3.2.0.618 and click Next


1eli
On the Tachyon 3.2.0.618 page, verify that the limiting collection is set to Lab Workstations and click Next to continue


1eli
On the Tachyon Settings page, verify that Enable Shopping Module and Edge Windows App browser support are ticked and also ensure that Shopping Web URL has http://appstore/shopping/ address is entered. Click Next to continue


1ehot tip

Enable Shopping Integration : Enables support for the 1E self-service portal and Windows Servicing Assistace, Any previous Installation of Shopping Agent will be removed when Tachyon Agent starts. 
Shopping Central URL : It should be set to the URL for the Shopping website. The Shopping website uses a host header, for which a DNS allias was defined earlier 
http://appstore/shopping/ The Tachyon Shopping module uses a loopback mechanism that enables the browser to make calls to the Shopping Agent via the local computer. The Tachyon Shopping module contacts the Shopping Central website to get the appropriate URL to use for the local loopback mechanism and the URL is no longer locally configured, as was the case for the previous Shopping Agent Installer. 
Enable Edge/Windows App Support: If users are likely to access the Shopping web site using Microsoft Ede or other Metro Browsers.


1eli
On the Summary page, once the list is finished compiling, take a moment and review the actions that are about to be taken. When ready, click the Create button


1ehot tip

If Shopping Integration is enabled, when the Tachyon Agent starts it will attempt to automatically remove any previous installations of the 1E Shopping Agent.


1eli
The actions will be recorded as they are completed on the Progress page. When the Status changes to Successful, you may review the completed actions and click Next when ready


1eli
Click Finish on the Completion page to close the wizard


Observe the Results of Running the Endpoint Agent Installation Wizard

Once we have run the Endpoint Agent installation wizard, we will look at the objects that were created in the ConfigMgr console.

...

1eolstart
startat207


1eli
In the ConfigMgr console, select the Assets and Compliance workspace and click on Device Collections


1eli
Note that the 1E Tachyon 3.2.0.618 – Required collection has been created and has zero members at this point


1eli
Click on the Deployments tab at the bottom of the page and note that the 1E Tachyon 3.2.0.618 – Required application has been deployed to the collection


1eli
In the Software Library workspace, expand Application Management and select Applications


1eli
Note the 1E Tachyon 3.2.0.618 application has been created and the content has been distributed to the distribution point


Deploy the Tachyon Agent to Lab Workstations

Now that all the required components are created in the ConfigMgr console, we simply need to add our desired targets to the 1E Tachyon 3.2.0.618 – Required collection and force a machine policy update cycle to deploy the Tachyon Agent.

...

1eolstart
startat212


1eli
In the ConfigMgr console, go to the Assets and Compliance workspace and select Devices


1eli
Multi-select the 1ETRNW71, 1ETRNW72, 1ETRNW73, 1ETRNW101 and 1ETRNW102 computers


1eli
Right-click on any of them, select Add Selected Items > Add Selected Items to Existing Device Collection


1eli
Select the 1E Tachyon 3.2.0.618 – Required collection and click OK


1eli
Click on Device Collections, select the 1E Tachyon 3.2.0.618 – Required collection and refresh the view until the Member Count shows 5


1eli
Right-click on the 1E Tachyon 3.2.0.618 – Required collection, select Client Notification and choose Download Computer Policy


Validate the Tachyon Agent component installation on each client

After a few minutes, complete the following tasks to ensure the Tachyon Agent is installed and functioning.

...

1eolstart
startat218


1eli
Log on as 1ETRN\user


1eli
Open Programs and Features from Control Panel and verify that 1E Tachyon Agent is installed


1ehot tip

Might take a minute or two after policy refresh for the application to install. Hit F5 after a minute to refresh the view. If you don't see it after a few minutes, manually run computer policy on the client.


1eli
Open the Services applet from the desktop and note the 1E Tachyon Agent service running


1eli
Open the Tachyon.Agent.log file in C:\ProgramData\1E\Tachyon


1eli
Search for the following in the log file: module.shopping.enabled and note that it is set to true


1eli
Note the line above it, showing the URL to the Shopping API

Lab Summary

We started this lab identifying the key users and groups that Shopping uses both internally and for administration. We reviewed the permissions and security rights that these specific users and groups require, and which of these are normally configured by the Shopping Central and Receiver installers.
We learned how to use a DNS alias, combined with HTTP Redirection, to enable Shopping to be accessed using an easily remembered URL. You also understand therefore why it is necessary to define a Service Principal Name for the HTTP service class on the alias address.
We prepared the environment for the installation of Shopping. We installed the Shopping Central service on the application server, and then installed the Shopping receiver on the ConfigMgr Primary site server.
Lastly, we deployed the Tachyon agent to our lab workstations. The Tachyon agent allows for the proper identification of the machine/user accessing the Shopping portal. It is also used for WSA orders.

...