On-premises Deployment Dynamics 365 for Finance and Operations, Enterprise Edition

Architect: Sachin Gandhi

Date: 10/19/2017

Agenda• On-premises deployment use cases• System Requirements

• Hardware and Software• Sizing Guidance

• Licensing• How to deploy?

• Prerequisite Infrastructure• Active Directory (with AD Sync)• ADFS• SQL Server

• Service Fabric Cluster• Deploy LCS Connector• Configure and Deploy D365FF&O from LCS

• What features are not available yet• Q&A

Reasons for using on-premises

• Cloud first• Talk to your customer

• Make sure you have a valid reason to go on-premises

• Valid reasons to use on-premise• Data Sovereignty

• Unreliable internet connectivity

Architecture

ALM Architecture

Hardware Requirements

Production

# Required Cores/VM Memory/VM Cores All VMs Memory All VMs

AOS 3 8 24 24 72

MR 2 4 16 8 32

SSRS 1 4 16 4 16

Orchestrator 3 4 16 12 48

Total 48 168

Sandbox

# Required Cores/VM Memory/VM Cores All VMs Memory All VMs

AOS 2 8 24 16 48

MR 1 4 16 4 16

SSRS 1 4 16 4 16

Orchestrator 3 4 16 12 48

Total 36 128

Excluding SQL Server, AD, ADFS, File Server

Hardware Requirements

*SQL Server sizes are highly dependent on workloads.

Hardware Requirements

License Serial Number

• Partner should go to the Partner Business Center and get the license serial number for the customer

• Follow the steps in the provisioning guide on customer source to create the on-premise project in LCS

• Provisioning Guide

Sizing Guidance

• SQL (Cluster or Mirroring Setup)• 3K to 15K transaction lines/hour per core

• 3:1 AOS to SQL core ratio

• 2 to 4 GB memory per core

• AOS • 2K to 6K transaction lines per core

• 16 GB per instance

• 10 to 15 Enterprise / 15 to 25 Activity / 25 to 50 Team per core

Steps to Deploy

1. Create LCS Project for On-Premise

2. Basic Infrastructure • Create AD, AD DS, SQL Server 2016 SP1 Cluster, File Server

• Create required VMs for each type (Orchestrator, AOS, MR, SSRS), assign static IP and domain join.

3. Install Prerequisite Software• AOS (ODBC Drivers, .NET 2.0-3.5, .NET 4.0-4.6, IIS, SSMS, C++ Redistributable, Access DB Engine)

• BI (.NET 2.0-3.5, .NET 4.0-4.6, SSMS, SSRS)

• MR (.NET 2.0-3.5, .NET 4.0-4.6)

Setup Documentation

Steps to Create Service Fabric Cluster

4. Create DNS Zones and A records• ax.d365ffo.onprem.contoso.com for AOS machines

• sf.d365ffo.onprem.contoso.com for the Service Fabric cluster

5. Download setup scripts from LCS Shared Asset Library• Populate ConfigTemplate.xml file

• Run script .\New-D365FOGMSAAccounts to create service accounts

6. Configure certificates• .\New-SelfSignedCertificates.ps1 -ConfigurationFilePath .\ConfigTemplate.xml

• .\Export-PfxFiles.ps1 -ConfigurationFilePath .\ConfigTemplate.xml

Steps to Create Service Fabric Cluster

7. Setup VM’s 1. Generate scripts for each VM in cluster

1. .\Export-Scripts.ps1 -ConfigurationFilePath .\ConfigTemplate.xml

2. Copy the corresponding scripts to it’s VM

2. On each VM run the following scripts1. .\Configure-PreReqs.ps1 -MSIFilePath <path of the MSIs>

2. .\Add-GMSAOnVM.ps1

3. .\Import-PfxFiles.ps1

4. .\Set-CertificateAcls.ps1

5. .\Test-D365FOConfiguration.ps1

Steps to Create Service Fabric Cluster

8. Create a Service Fabric Cluster1. Install Service Fabric standalone package

2. Generate ClusterConfig.json file• .\New-SFClusterConfig.ps1 -ConfigurationFilePath .\ConfigTemplate.xml -TemplateConfig

<ServiceFabricStandaloneInstallerPath>\ClusterConfig.X509.MultiMachine.json

3. Test Configuration and Install Service Fabric Cluster• .\TestConfiguration.ps1 -ClusterConfigFilePath .\clusterConfig.json

• .\CreateServiceFabricCluster.ps1 -ClusterConfigFilePath .\ClusterConfig.json

• https://sf.d365ffo.onprem.contoso.com:19080

Configure LCS Connectivity, SQL Encryption

9. Configure LCS Connectivity for tenant• .\AddCertToServicePrincipal.ps1 -CertificateThumbprint <OnPremLocalAgent Certificate Thumbprint>

10.Create File Shares (SMB 3.0)• Agent

• AOS-Storage

11.Configure SQL Server• Create certificate for encryption and install public certificate on each machine that would connect to SQL

• Copy certificate thumbprint to

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.x\MSSQLServer\SuperSocketNetLib\Certificate

• Microsoft SQL Server Configuration Manager, set ForceEncryption to Yes.

Configure SQL Encryption & Databases

12.Configure Databases• Restore AxDB

• Create Empty OrchestratorData DB

• Create Financial Reporting DB

13.Encrypt SQL Credentials• Create a Credentials.json file with SQL Credentials

• Encrypt it using Invoke-ServiceFabricEncryptText command

• Copy it to: \\<File Server>\agent\Credentials\Credentials.json

Setup ADFS for Authentication

14. Configure ADFS • .\Publish-ADFSApplicationGroup.ps1 -HostUrl 'https://ax.d365ffo.onprem.contoso.com’

• Verify• https://<adfs-dns-name>/adfs/.well-known/openid-configuration

Install Local Agent

• Install Local Agent • LocalAgentCLI.exe Install <path of config.json>

Validate LCS Connectivity

• Validate Connector

Configure Deployment Setting

• Configure and Deploy the environment from LCS

Service Fabric Explorer View

End Result – Finance and Operations

Documentation

• On-premises deployment landing page

• System Requirements

• Features not yet implemented for on-premise

• Microsoft Trust Center

• Provisioning Guide

• Buy Dynamics 365 for Finance and Operations

Q&A

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S.

and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because

Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any

information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION