Q: How do I install System Center 2012 R2 Orchestrator Service Management Automation?

A: Orchestrator Service Management Automation (SMA) is a new component in System Center 2012 R2 and is a core component for Windows Azure Pack for automation. Orchestrator SMA consists of three components:

  • Web Service
  • Runbook Worker
  • PowerShell Module

You can install all three components on the same operating system instance; some deployments will co-locate Orchestrator with Windows Azure Pack, but these are generally limited to test of lab environments. I recommend installing on Windows Server 2012 R2 Update 1 that has been patched to the latest available level. The Web Service role has several prerequisites that you can install by running the following PowerShell code from an elevated PowerShell window (you'll need to change the source folder in the Dism command to your own Server 2012 R2 Update 1 source folder, which is necessary for .NET Framework 3.5):

Install-WindowsFeature NET-Framework-45-Core, Web-Server, Web-Basic-Auth, Web-Windows-Auth, Web-Url-Auth, Web-Asp-Net45, NET-WCF-HTTP-Activation45

Dism.exe /online /enable-feature /featurename:NetFX3 /All /Source:"S:\OS Images\Windows Server 2012 R2 Update 1\sources\sxs" /LimitAccess

Create an Active Directory account for the SMA service to run as (e.g., SMAServ), which should be a regular domain user but should be a local administrator on the SMA server. Set the password to never expire. Also create an account for Windows Azure Pack to connect to SMA as (e.g., SMAAdmin).

Create an Active Directory Group, SMAAdmins, that will contain the SMA administrators. Add the SMAAdmin account to the SMAAdmins group.

Request a certificate for the SMA web service from your enterprise certification authority (CA) or from a trusted external party. I like to request the certificate with a subject alternative name of sma.<domain> as well, so I can use a short name in the future—but this isn't required.

Proceed with the installation of all three components via the Orchestrator setup program and complete all required questions. When installing the Web Service, you should specify the SMAAdmins group as the security group with access to SMA. Also select the certificate requested earlier; don't use a self-signed certificate.

When the installation is complete, you can add the SMA installation to Windows Azure Pack via the Automation workspace area and use the SMA URL (e.g., https://savdalsma01.savilltech.net:9090) and an account to connect as (e.g., SMAAdmin), as the following figure shows.