It is hard to find proper documentation online on this topic, so I thought of posting this article, as I’ve experienced an Office Web Apps 2013 deployment in production.
If you are not a browser fan, you can download a PDF version of my article from the Microsoft TechNet Gallery – https://gallery.technet.microsoft.com/Setting-up-Multi-Server-23e1f2ca
Microsoft Office Web Apps 2013 is now a fully isolated farm that supports multiple integrations such as SharePoint, Lync, Skype for Business and other third-party applications. Basically, a single Web Apps farm serves OWA capabilities for multiple applications, which makes it simple to manage and integrate.
This step-by-step guide will show you how to set up an Office Web Apps 2013 farm with high availability and security. The naming and certificates used in this scenario are for demonstration purposes. You need to use meaningful names and obtain a valid SSL certificate for your scenario and environment.
This Guide will cover the following requirements.
Multi-Server Farm: Setup Office Web Apps with Microsoft NLB for high availability and load balancing
Set up the Office Web Apps farm with better security using SSL for HTTPS. It is highly recommended to use HTTPS for production Office Web Apps deployments, as HTTP is meant only for development and testing environments.
Before we begin the installation and configuration, it is recommended to go through the references below, which provide the basic information and knowledge about Microsoft’s Office Web Apps Server product.
- Configure Office Web Apps for SharePoint 2013 – https://technet.microsoft.com/en-us/library/ff431687.aspx
- Deploy Office Web Apps Server 2013 – https://technet.microsoft.com/en-us/library/jj219455.aspx
- Planning Office Web Apps Server – https://technet.microsoft.com/en-us/library/jj219435.aspx
2. Server Environment
In this demo setup we will be using:
Two Office Web Apps 2013 servers with Windows NLB enabled and configured
A SharePoint Server farm with two WFE servers and a single APP server for intranet site hosting with host header site collections (this SharePoint farm is a multi-tenant environment where a single web application contains multiple host-named site collections, each with a unique URL)
Two database servers that hold the Always-on-Instance for the SharePoint environment.
Active Directory | DNS Server with Active Directory Certificate Service enabled and optimized
Two SQL Server nodes with an Always-on-Instance that hosts the SharePoint platform
Specifications of these servers are for demonstration purposes only. Production Environments are highly recommended to meet Microsoft’s size requirements in order to get optimum performance and reliability.
3. Requirements and Recommendations
This guide uses Windows NLB. In production environments, if you are planning for more than one OWA server, try to use a hardware load balancer, which brings the following capabilities.
Layer 7 routing
Enabling client affinity or front-end affinity
Enabling SSL offloading
Production environments have firewalls between different zones. Depending on the zone in which you are going to place the OWA servers, you need to open the following ports for OWA to function properly.
Port 443 for HTTPS traffic
Port 80 for HTTP traffic
Port 809 for private traffic between the servers that run Office Web Apps Server (if you’re setting up a multi-server farm)
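The port list above expressed as scoped Windows Firewall rules with a reachability check, as an added example that is not part of the original article. It assumes Windows Server 2012 R2 or later (for `Test-NetConnection`); the peer addresses and the helper name `Test-OwaFarmPorts` are placeholders introduced here.

```powershell
# Added example, not from the original article.
# Assumption: $FarmPeers holds the dedicated (non-cluster) IPs of the OWA nodes;
# the addresses below are placeholders from the documentation range.
$FarmPeers = @('192.0.2.11', '192.0.2.12')

# Client and host traffic to the farm. Keep the port 80 rule only if the farm
# really serves HTTP (development or test); production farms should use HTTPS.
New-NetFirewallRule -DisplayName 'OWA - HTTPS 443' -Direction Inbound `
    -Protocol TCP -LocalPort 443 -Action Allow
New-NetFirewallRule -DisplayName 'OWA - HTTP 80' -Direction Inbound `
    -Protocol TCP -LocalPort 80 -Action Allow

# Port 809 carries private traffic between farm members, so accept it only
# from the other OWA nodes instead of from any address.
New-NetFirewallRule -DisplayName 'OWA - farm channel 809' -Direction Inbound `
    -Protocol TCP -LocalPort 809 -RemoteAddress $FarmPeers -Action Allow

# Hypothetical helper: report which farm ports answer on each node.
function Test-OwaFarmPorts {
    param(
        [string[]]$Nodes,
        [int[]]$Ports = @(443, 809)
    )
    foreach ($node in $Nodes) {
        foreach ($port in $Ports) {
            $r = Test-NetConnection -ComputerName $node -Port $port `
                -WarningAction SilentlyContinue
            [pscustomobject]@{
                Node = $node
                Port = $port
                Open = $r.TcpTestSucceeded
            }
        }
    }
}

Test-OwaFarmPorts -Nodes $FarmPeers | Format-Table -AutoSize
```

The ports only answer once Office Web Apps is installed and the farm exists, so a closed result before that point does not indicate a firewall problem.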
Topology Planning (Source: https://technet.microsoft.com/en-us/library/jj219435.aspx )
• Plan for server-level redundancy. If you are using virtual machines to host OWA, place them on separate host servers instead of putting them all in one box (e.g. OWA1 hosted in hardware box A, OWA2 hosted in hardware box B), so that if hardware box A goes down, the second box continues to serve requests because OWA2 is still running.
• Stick to one datacenter. Servers in an Office Web Apps Server farm must be in the same data center. Don’t distribute them geographically. Generally, you need only one farm, unless you have security needs that require an isolated network that has its own Office Web Apps Server farm.
• The closer the hosts, the better. The Office Web Apps Server farm doesn’t have to be in the same data center as the hosts it serves, but for heavy editing usage, we recommend you put the Office Web Apps Server farm as close to the hosts as possible. This is less important for organizations that use Office Web Apps primarily for viewing Office files.
• Plan your connections. Connect all servers in the Office Web Apps Server farm only to one another. To connect them to a broader network, do so through a reverse proxy load balancer firewall.
• Configure the firewall for HTTP or HTTPS requests. Make sure the firewall allows servers running Office Web Apps Server to initiate HTTP or HTTPS requests to hosts.
• Plan for incoming and outgoing communications. In an Internet-facing deployment, route all outgoing communications through a NAT device. In a multi-server farm, handle all incoming communications with a load balancer.
• Make sure all servers in the Office Web Apps Server farm are joined to a domain and are part of the same organizational unit (OU). Use the FarmOU parameter in the New-OfficeWebAppsFarm cmdlet to prevent other servers that are not in this OU from joining the farm.
• Use Hypertext Transfer Protocol Secure (HTTPS) for all incoming requests.
• If you have IPsec deployed in the network, use it to encrypt traffic among the servers.
• Plan for Office features that use the Internet. If features such as clip art and translation services are needed, and the servers in the farm can’t initiate requests to the Internet, you’ll need to configure a proxy server for the Office Web Apps Server farm. This will allow HTTP requests to external sites.
Software Requirements for Office Web Apps
• Office Web Apps servers must be independent from other applications and services such as SharePoint, Exchange, Lync and Skype4B. Do not deploy Office Web Apps on a server that runs any of the above applications, as that is not supported.
• Don’t install any services or applications that depend on IIS on ports 80, 443 or 809, because OWA frequently removes web applications on these ports in order to bring up the OWA web applications.
• Do not install any Office client applications on OWA servers, as it is not recommended. If any Office applications are installed on a server on which you are about to install OWA, you have to fully uninstall them prior to the OWA installation.
• Do not install OWA on a domain controller or any domain server that runs critical services such as DNS or AD DS.
• Download Office Web Apps 2013 with SP1, which is the latest version you can download. Also look for recent cumulative updates prior to going live in production scenarios.
It is assumed that you already have a SharePoint farm prepared with an accessible site collection. This guide will not tackle the SharePoint Server deployment, only the integration of Office Web Apps with SharePoint in order to allow end users to open/edit their Office documents within the browser.
Installing Prerequisites in OWA servers for Office Web apps
Creating DNS Host Records
Configuring Windows NLB for Load balancing and High Availability
Configuring SSL Certificates using Active Directory Certificate Services
Installing Office Web Apps
Configuring Office Web Apps Farm
Joining Member Servers to the Office Web Apps Farm
Integrating with SharePoint Farm
4.1. Installing Office Web Apps Prerequisites
You must have a domain user account (such as the SharePoint farm account) created in order to install Office Web Apps.
After creating your virtual machine, log in to it and prepare it with the necessary network and domain configuration, such as defining IP addresses and joining it to the respective domain.
Then log in to the server using local administrative credentials and add the user account created for Office Web Apps to the local Administrators group.
Run the following scripts in Windows PowerShell in order to prepare your OWA servers with prerequisites. If your server doesn’t have internet connectivity, you can define the SXS path to the source files by simply passing the -Source parameter (e.g. -Source D:\Sources\sxs).
It might prompt for restarting once finished.
For Windows Server 2008 R2
Install the following software:
Right click on Windows PowerShell and run it as Administrator. Then run the following:
Import-Module ServerManager
For Windows Server 2012
For Windows Server 2012 R2
Install .NET Framework 4.5.2
Then Run the following in PowerShell:
4.2. Creating DNS Host Records
Next, create the host record for the NLB cluster name (which will be the ultimate server name of the OWA farm).
Go to your DNS server and simply create a host (A) record that points to your target NLB IP. You need a dedicated IPv4 address for this.
Open the DNS Manager console on your DNS server, right click on the respective zone and hit New Host (A or AAAA) to create a new host record.
Provide the name and IP (which is the desired NLB cluster IP) and hit Add Host to create it.
4.3. Configuring Windows NLB
The next step is to install Windows NLB on both OWA servers in order to configure the load balancing.
Open up Server Manager and Click Add Roles and Features from the top. This has to be done in both OWA servers.
Just click next on the first screen.
Leave the Default Selection here and hit Next.
Leave the Default choice and hit Next to proceed.
Select the Network Load Balancing from the Feature list and hit Next to Install the feature then restart the server if prompted.
That installed the NLB feature for us, so now let’s set up the load balancing cluster. Open up the Windows NLB console from the primary machine (OWA1). Make sure both nodes are now ready with IPs, host names and the NLB feature.
Right click on the top level and create a New Cluster.
Provide the name or IP of the primary server which will host the cluster (local server). It will automatically resolve the IP and display the interface for you. Simply hit Next to proceed.
Leave these settings as they are unless you need a specific configuration for IP and network interfaces.
The next step is to define the cluster IP. In this scenario it will be 192.168.150.132.
The IP address will already be selected. Define the FQDN of the cluster name here and choose the operation mode based on your network. This server has only a single network interface, so it has to be Multicast. If you have multiple interfaces, you may choose Unicast mode to make it function properly.
Hit Next to go ahead.
You can edit the port rules to customize ports or protocols, but that is not really necessary to get this functioning. Leaving the defaults will give us what we need in this case.
If all went well, you can see the Cluster is created with the defined name and settings and Primary Host is added/Started with green health status.
Let’s go ahead and add the second node here. Right Click on the Cluster Name and Add Host to Cluster.
Type the host name or IP of your secondary OWA machine (OWA2 in this case). Make sure it can communicate with the primary host and that Windows Firewall exceptions are added or the firewall is switched off, so nothing will block the communication at this point.
If all is good, it will resolve the IP over Name and name over IP as below. Just hit next to proceed.
Leave the priority to default (2) and state as started.
Then come the port rules. The load is left as equal; you can define it if you need to. Leave it as default for better load sharing.
Give it a moment.
And both nodes will come online and appear as healthy if you have configured it properly.
To verify the availability of the cluster, let’s ping the name. Do it from one of the SharePoint machines so you can identify any issues in the network.
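The DNS record from section 4.2 and the NLB wizard steps from section 4.3 as a script, added here as an example and not part of the original article. It assumes Windows Server 2012 or later with the DNS Server RSAT tools on OWA1; the zone, host label, DNS server name, adapter name and subnet mask are placeholders, and only the cluster IP 192.168.150.132 and the node name OWA2 come from the article.

```powershell
# Added example, not from the original article. Run on OWA1 with an account that
# has administrative rights on both OWA nodes and on the DNS server.
$ClusterIP  = '192.168.150.132'   # cluster IP used in the article
$SecondNode = 'OWA2'              # secondary node named in the article
$Zone       = 'example.local'     # placeholder DNS zone
$HostLabel  = 'owa'               # placeholder host label
$DnsServer  = 'DC1'               # placeholder DNS server name
$Interface  = 'Ethernet'          # placeholder adapter name on both nodes
$SubnetMask = '255.255.255.0'     # placeholder subnet mask
$Fqdn       = "$HostLabel.$Zone"

# 4.2: host (A) record for the cluster name, pointing at the cluster IP
Add-DnsServerResourceRecordA -ComputerName $DnsServer -ZoneName $Zone `
    -Name $HostLabel -IPv4Address $ClusterIP

# 4.3: install the NLB feature on both nodes
Install-WindowsFeature NLB -IncludeManagementTools
Install-WindowsFeature NLB -IncludeManagementTools -ComputerName $SecondNode
Import-Module NetworkLoadBalancingClusters

# Create the cluster on the local node; Multicast matches the single-NIC
# setup described in the article, and the default port rule is left as is.
New-NlbCluster -InterfaceName $Interface -ClusterName $Fqdn `
    -ClusterPrimaryIP $ClusterIP -SubnetMask $SubnetMask `
    -OperationMode Multicast

# Join the second node to the cluster
Get-NlbCluster | Add-NlbClusterNode -NewNodeName $SecondNode `
    -NewNodeInterface $Interface

# Both nodes should be listed once they have converged
Get-NlbClusterNode

# Confirm the name resolves to the cluster IP, then ping it as in the article
$resolved = (Resolve-DnsName -Name $Fqdn -Type A).IPAddress
if ($resolved -notcontains $ClusterIP) {
    Write-Warning "$Fqdn resolves to $resolved, expected $ClusterIP"
}
Test-Connection -ComputerName $Fqdn -Count 2
```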
So the NLB Cluster is all set for us. Next is to prepare the OWA Servers with SSL Certificates.
To be continued in Part 2.