TFS 2013 Installation Validation

by garyg 1. April 2015 17:24

OK, now that we’ve successfully installed Team Foundation Server, it’s time to validate that it’s running. We’ll do this by checking some basic things on the system. Then we’ll look at TFS security and how to leverage it to save administration

We’ll cover:

· Validating TFS URLs

· Validating TFS Services

· A few words on the installation logs

Installation Validation

We are all excited to jump in and start using a new set of tools, but first we should make sure the installation went OK, and doing so is fairly simple. Next we will dive into a few steps that will help us with this. I'll give a couple of tips for upgraders at since that’s fairly specific to your environment.

Validate Team Foundation Server URLs

This one is easy and determines whether a whole host of services and web sites have been configured correctly. Let's start by looking at the main URLs for the Team Foundation Server (you can get the first one from the "Success" window from your install if that is still up, or if you closed it just follow the steps below).

1. Get the URL. Go to the Start Menu ➤ Team Foundation Server 2013 ➤ Team Foundation Server Administration Console.

2. Once you have the console open go to the Application Tier node in the selection tree as indicated in the screen below in Figure 3-1. Note the Web Access URL on this page. It will be in the format of http(s)://<server name>:<port, normally 8080>/tfs

Figure 3-1 TFS Web Access URL

3. Now that we have that, we can check the Web Access services with the URL. (Note that the Server URL can also be used for this quick test on the local server.) Put that URL into a browser window on the TFS server. You should see windows displayed similar to the ones below in Figure 3-2. Click on the Administer panel and the window shown in Figure 3-3 should pop up. We'll visit this window again later.

Figure 3-2 TFS Web Access main page

Figure 3-3 TFS Web Access Admin screen

Validate TFS Services

Another important step in making sure your install went smoothly is examining the services installed by Team Foundation Server. Most of the time (actually since TFS 2010), if you make it to the installation confirmation window with a page of green check marks you are usually good to go. However, it never hurts to double check a few things. Since Team Foundation Server runs on the standard Windows Server stack, it depends upon a slew of "standard" services, and a few specialized ones, to be running to do its job, including but not limited to:

· World Wide Web Publishing Service

· SQL Server (for both TFS and SharePoint)

· SQL Server Reporting Services

· Visual Studio Team Foundation Background Job Agent

The above system level services are to be expected on a Standard Single Server install like we performed elsewhere in this book. If you have another configuration or a scaled out deployment, your individual servers would not necessarily run all of these. These are fairly easy to identify in the Services applet and should be running and set to Automatic start. There are a bunch of others that will be seen in a fully configured TFS server as other features are added (as in the Build Service we'll check out next), but these are good to start with. An interesting service worth mentioning is the last one on the list. You'll only know something is wrong with the "Visual Studio Team Foundation Background Job Agent" when things you did in the system don’t seem like they took properly (permissions, for instance). It bears both initial checking and occasional monitoring, since it can be confusing when you are setting things up properly and they don’t seem to be working through no fault of yours.

1. Start the Services applet. Go to Start ➤ Administrative Tools ➤ Services.

2. Verify key services are running and set to Automatic start as in Figure 3-4.

Figure 3-4 Windows Services applet highlighting the Visual Studio Team Foundation Background Job Agent
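The URL and service checks above can also be scripted so they are repeatable after patches or reboots. The following PowerShell is an added example, not code from the original article: the display-name patterns assume a default Standard Single Server install, and `http://localhost:8080/tfs` stands in for the Web Access URL shown in your Administration Console. It also reports the logon account of each service so you can compare it with the service accounts on your checklist.

```powershell
# Added example: validate key TFS services and the Web Access URL.
# Run in Windows PowerShell on the TFS server.

# Display-name patterns for the services listed above (assumption: default
# instances on a Standard Single Server install; adjust for your layout).
$ExpectedServices = @(
    'World Wide Web Publishing Service',
    'SQL Server (*',                       # one match per SQL instance (TFS, SharePoint)
    'SQL Server Reporting Services*',
    'Visual Studio Team Foundation Background Job Agent'
)

function Test-TfsServices {
    param([string[]]$Patterns)

    $all = Get-WmiObject -Class Win32_Service
    foreach ($pattern in $Patterns) {
        $found = @($all | Where-Object { $_.DisplayName -like $pattern })
        if ($found.Count -eq 0) {
            # Nothing installed under this name: report it rather than skip it.
            New-Object PSObject -Property @{
                Service = $pattern; State = 'NOT FOUND'; StartMode = ''
                LogOnAs = ''; Healthy = $false
            }
            continue
        }
        foreach ($svc in $found) {
            New-Object PSObject -Property @{
                Service   = $svc.DisplayName
                State     = $svc.State        # Running, Stopped, ...
                StartMode = $svc.StartMode    # Auto, Manual, Disabled
                LogOnAs   = $svc.StartName    # account the service runs under
                Healthy   = ($svc.State -eq 'Running' -and $svc.StartMode -eq 'Auto')
            }
        }
    }
}

function Test-TfsWebAccess {
    param([string]$Url)

    $request = [System.Net.WebRequest]::Create($Url)
    $request.UseDefaultCredentials = $true   # sign in as the current Windows user
    $request.Timeout = 15000                 # milliseconds
    try {
        $response = $request.GetResponse()
        $status = [int]$response.StatusCode
        $response.Close()
        return $status
    }
    catch {
        # PowerShell may wrap the WebException; unwrap it to read the HTTP status.
        $ex = $_.Exception
        while ($ex -and -not ($ex -is [System.Net.WebException])) { $ex = $ex.InnerException }
        if ($ex -and $ex.Response) { return [int]$ex.Response.StatusCode }
        return 0   # no HTTP answer at all (service down, port blocked, bad name)
    }
}

Test-TfsServices -Patterns $ExpectedServices |
    Select-Object Service, State, StartMode, LogOnAs, Healthy |
    Format-Table -AutoSize

$tfsUrl = 'http://localhost:8080/tfs'   # assumption: default port and virtual directory
$code = Test-TfsWebAccess -Url $tfsUrl
if ($code -eq 200) { "OK: $tfsUrl answered HTTP 200" } else { "CHECK: $tfsUrl returned status $code" }
```

Any row with Healthy = False, or a LogOnAs value that is not the account you planned for that service, is worth resolving before you move on to permissions.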

Installation Logs

So I'm sure someone at Microsoft will be upset with me saying this but the Installation Logs are of limited usefulness in validating if an install happened correctly in the absence of any real errors presented during the installation. Why? There is just too much information in the files appearing as a potential error that in reality is just information. However if you are tracking down a stubborn installation error and can focus on that or if you are working with Microsoft Technical Support they can be useful. The location is here:

C:\Users\<install account>\AppData\Local\Microsoft\Team Foundation\Setup\Logs

So if you were installing under the account TFSADMIN you would look in:

C:\Users\TFSADMIN\AppData\Local\Microsoft\Team Foundation\Setup\Logs

Here is a typical view in Figure 3-5 of files you might find in that directory for the curious. Note the use of the Hidden flag on the View menu in File Explorer. Without selecting that you'll be staring at an empty directory:

Figure 3-5 File Explorer in the TFS Logs directory

Team Foundation Server 2013 Installation

by GaryG 1. March 2015 16:31

Installation Experience

Using the Standard Single Server installation wizard I'm going to step through the installation process. I'm using this configuration because it's fairly simple for documentation purposes and one of the more popular layouts for Team Foundation Server. I'll cover the steps here:

1. Select the media. Choose the DVD / ISO file for the TFS install as depicted here in Figure 2-5 below

Figure 2-5 Media Selection

2. You'll need to pick a location next; most people just leave the default and keep going. You'll need to accept the license terms as in Figure 2-6 below to continue, then you’ll be presented with a screen similar to Figure 2-7.

Figure 2-6 Pick a location for the installation

Figure 2-7 First progress screen, you are on your way

3. Next we need to pick a wizard. As we said earlier we are going to choose the Standard Single Server as in Figure 2-8

Figure 2-8 Standard Single Server Wizard

4. Next we'll be prompted to enter some account information. Note the yellow triangles in Figure 2-9; this is how the wizard will prompt you for information throughout the install. Incidentally, it’s the same symbol used to warn you of warning level issues. Here's where you get to use the checklist from the previous chapter. Get the account credentials you identified as the SQLSERVICE account and enter them here.

5. After that we'll need to configure reporting services, if it wasn't already done. The installation wizard will detect if it is or not and alert you, as we see in the figure below. We are going to jump there next.

Figure 2-9 Entering the Service Account credentials

6. Back to your checklist from the previous chapter, enter the Reporting Services server here as in Figure 2-10.

Figure 2-10 SQL Server and Reporting Server Instance

7. Select or enter the service account for Reporting Server service from the checklist in the last chapter as depicted in Figure 2-11.

Figure 2-11 Report Server service account

8. Next we need to configure the Web Service URL as shown in Figure 2-12. If it wasn’t already configured you'll be prompted to create it, which is what I did here.

Figure 2-12 Create or Configure web service URL

9. Reporting Services DB configuration is next. You can also create a new DB here as well.

Figure 2-13 DB Setup and Configuration

10. The next two steps are fairly self-explanatory, but pay attention to the Execution Account screen in Figure 2-14; you will want to enter the account you selected for the TFSREPORTS account. Pay careful attention to the format because it's very particular. It must be in a DOMAIN\ACCOUNT format, even for a local account. For example, use .\TFSREPORTS for a local account.

Figure 2-14 Setting the Execution Account

11. Once you are done here, you'll be back at the TFS Server Standard Configuration wizard as in Figure 2-15 and be prompted to confirm your configuration settings. Click Next.

Figure 2-15 Confirm your configuration

12. Next you'll see a screen like the one below as the wizard progresses through its readiness checks, as in Figure 2-16. When complete, you'll get the second screen, complete with any warnings or errors. In this case I'm being warned that my Application Tier needs 50GB of free disk space. Ordinarily this would be something I'd want to take care of now, or follow the advice listed post install, but this is an example so we can safely continue, so we'll hit the Configure button.

Figure 2-16 Readiness checks in progress

Figure 2-17 Readiness Checks Complete

13. Success! Hopefully at the end of all the configuration, this next screen in Figure 2-18 is what you will see. If not, follow the warnings and resolve the issues.

Figure 2-18 Configuration Success!

14. Finally you have completed configuration and will be presented with the summary screen below in Figure 2-19. Some important things to note on this screen:

· TFS Server URL: http://<server name>:<port>/tfs

· Detailed Results: What you will find here will vary based on how the configuration went. A couple of typical notes here include a note on enabling compression, the port on the firewall that was opened, and a resetting of the Windows service timeout.

· Link to the configuration log. It would be a great idea to thoroughly check this log for any errors before continuing.

Figure 2-19 Configuration Results

SharePoint compatibility issue

One thing worth mentioning is an issue that exists as of this writing between SharePoint Foundation 2013 and Windows 8.1 or Windows Server 2012 R2. Though this will affect all installations, it will stop the standard wizard dead in its tracks if you didn't already take care of it: if the wizard detects that it still needs to install SharePoint, you will get the error screen depicted below. To get around this you will need to install SharePoint Foundation 2013 with SP1, which can be downloaded here http://www.microsoft.com/en-us/download/details.aspx?id=42039.

 

Choosing an Installation Category for TFS 2013

by garyg 4. February 2015 15:09

Install Categories

As mentioned in the previous chapter, there are scaling considerations to take into account. This is especially true if you are in an existing environment that is maxed out and this update is part of your plan to add capacity. Most people, however, are looking at single server environments or close to that.

In order to satisfy the broadest audience, that is the model we will follow in this book. If I get into a section where a scaling or high-availability touch point exists, I will mention it in a call out or note towards the end of the chapter. To begin with, we should review the main installation types that are available. There are two broad categories, and we need to see which one we’ll fall into:

New Install

A new installation is the most straightforward installation type. We have no earlier versions of Team Foundation Server to contend with and, other than the normal prerequisites, we can begin the installation. Here we are going to assume you are using a single server configuration and haven’t chosen to scale the environment to multiple servers (see Chapter 1 for more details on scaling and performance).

Which Wizard to Use?

Once you get into the install you'll run into this choice pretty quick, so best if we talk about it prior. The Team Foundation Server Configuration Center offers you the following installation / configuration choices:

· Basic - this will install (as the name implies) just the basic services for running TFS. It will also either install SQL Express, or let you connect to existing SQL Server Standard or Enterprise but won't install them for you. You'll get Source Control, Work Item Tracking, and Build Services. You will not however get SharePoint or Reporting Services Integration configured. All default options will be selected for you.

· Standard Single Server - This wizard is also intended for a single server with the default options. The big difference with this one is that it will also install SharePoint Foundation 2013 (or configure it), and configure SQL Server Reporting Services. This is the one recommended for most single server installs of TFS, and the one we'll walk through in this book. The big caveat with this one is that you need to use the default instance of SQL Server (which is ok most of the time, unless you are using SQL for something else that commandeered it on you). You also can't use this wizard if you want to use remote SQL, Reporting, or SharePoint servers. Additionally, if you want to use Negotiate (Kerberos) authentication, or if you need to install the Application Tier onto an existing web site or set it up to use a different port, you'll want to use the Advanced wizard instead.

· Advanced - If you need full control over all aspects of the install, this is the one for you. It only runs on Windows Server OS's (so no client OS installs with this one). It can do everything the Standard one can do plus support using remote SharePoint, SQL, or SQL Reporting Servers. You can also install the Application Tier on a different port, use a non-default instance of SQL Server or Reporting Services, or skip SharePoint or SQL Reporting Services integration. Additionally you can use Negotiate (Kerberos) authentication with this wizard. The only thing you wouldn’t want to use this for is just installing or reinstalling the Application Tier on its own (look below for that).

· Application Tier Only - As the name implies, it is used mainly to install an additional Application Tier (Team Foundation Server) to your existing Team Foundation deployment. You can use it on Client and Server OS's. It's also very useful for moving a TFS from one server to another and for disaster recovery. Don’t use this wizard to set up your first Team Foundation Server.

· Upgrade - This is the wizard to use to upgrade from an older Team Foundation Server version. It supports both client and server OS's. Please remember to back up your server prior to starting this wizard. This wizard has come a long way from when they introduced it in TFS 2010 but it still never fails to inspire panic since one of the first things it does is remove the old version and if it fails it will not reinstall the old one for you.

Here we will want to install using the Standard Configuration. This makes sense if you want to install Team Foundation Server on a single server with reporting and a team portal. It makes installation much simpler. The workflow we are going to follow here is very simple and I’ll detail it here in Figures 2-1 and 2-2 for your reference.

Figure 2-1 TFS Installation Workflow

Figure 2-2 Items configured in a Standard Single Server installation

Active Directory Support and Default Ports in TFS 2013

by garyg 7. January 2015 04:37

Active Directory

You can install Team Foundation Server on multiple servers if they are all in an Active Directory Domain, and that domain is at a functional level that Team Foundation Server supports. A single server on a workgroup is also supported. You cannot, however, install Team Foundation Server on servers whose domain controllers are running Windows NT Server 4.0 (yes, there are still a few around). Table 1-6 below shows the functional levels that are NOT supported. All others are considered fair game at this point for TFS 2013:

Table 1-6 Functional Levels and Active Directory

| Functional levels for Active Directory domains | Supported |
| --- | --- |
| Windows 2000 mixed mode: Domain controllers that are running Windows NT Server 4.0, Windows 2000, Windows Server 2003, and Windows Server 2003 R2. | No |
| Windows Server 2003 interim mode: Domain controllers that are running Windows NT Server 4.0, Windows Server 2003, and Windows Server 2003 R2. | No |

Ports

You will likely need to open some ports on your firewall so Team Foundation Server can communicate with the various interfaces it needs. My table below shows the default ports you will need to make sure are open. If you have modified your installation you’ll need to verify what these are set to in your environment. This may require speaking with your IT department if you are in a larger company.

Also, if you are using Windows Firewall the install process will set the ports for you. If you are using another firewall you’ll need to check the documentation or with your local IT person to figure out how to get these open.

Table 1-7 Ports

| Service | Default TCP Port | Alternate Port? |
| --- | --- | --- |
| SQL Service (Database Engine). Note: This is used for the default instance (the first one); for named instances it uses a dynamically assigned port. Use the SQL Server Configuration Manager to find out. | 1433 | Alternate Port: |
| SQL Browser Service (Database Engine) | 1434 | Alternate Port: |
| SQL Server Analysis Services Redirector | 2382 | Alternate Port: |
| SQL Server Analysis Services | 2383 | Alternate Port: |
| SQL Server Reporting Services | 80 | Alternate Port: |
| Report Server (if it’s not on the Team Foundation Server) | Windows Management Instrumentation (WMI) | Shared Service Host, ports assigned through DCOM. |
| Default Web Site (for SharePoint. Hint: if you aren’t sure, you can use Internet Information Services (IIS) Manager to check) | 80 | Alternate Port: |
| SharePoint Central Administration (if you aren’t sure, just start the app and check. If you need to change it, you will need to do it both here and in the Bindings for the site in IIS). | 17012 | Alternate Port: |
| Team Foundation Server | 8080 | Alternate Port: |
| Team Foundation Server Proxy | 8081 | Alternate Port: |
| Release Management Server (if you are using this) | 1000 | Alternate Port: |
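To fill in the table for your own server, it helps to see which of these defaults actually have a listener behind them. The following PowerShell is an added example, not part of the original article: it reads `netstat -ano` output and reports, for each default TCP port in Table 1-7, whether something is listening, on which address, and under which process ID. The sample lines are constructed for illustration, and the parsing assumes an English-language netstat (state shown as LISTENING).

```powershell
# Added example: compare the default TCP ports from Table 1-7 with local listeners.
# 1434 (SQL Browser) is left out because the Browser service answers on UDP.
$TfsDefaultPorts = @{
    1433  = 'SQL Service (Database Engine)'
    2382  = 'SQL Server Analysis Services Redirector'
    2383  = 'SQL Server Analysis Services'
    80    = 'SQL Server Reporting Services / Default Web Site (SharePoint)'
    17012 = 'SharePoint Central Administration'
    8080  = 'Team Foundation Server'
    8081  = 'Team Foundation Server Proxy'
    1000  = 'Release Management Server'
}

function Get-TfsPortListeners {
    param(
        [hashtable]$Ports,
        [string[]]$NetstatLines = (netstat -ano -p TCP)   # live data by default
    )

    # Index LISTENING sockets by local port (first listener per port wins).
    $listeners = @{}
    foreach ($line in $NetstatLines) {
        $f = $line.Trim() -split '\s+'
        if ($f.Count -ne 5 -or $f[0] -ne 'TCP' -or $f[3] -ne 'LISTENING') { continue }
        $local = $f[1]
        $sep   = $local.LastIndexOf(':')
        $port  = [int]($local.Substring($sep + 1))
        if (-not $listeners.ContainsKey($port)) {
            $listeners[$port] = @{ Address = $local.Substring(0, $sep); OwnerPid = [int]$f[4] }
        }
    }

    # One output row per table entry, whether or not a listener was found.
    foreach ($port in ($Ports.Keys | Sort-Object)) {
        $hit = $listeners[$port]
        New-Object PSObject -Property @{
            Port      = $port
            Service   = $Ports[$port]
            Listening = [bool]$hit
            Address   = $(if ($hit) { $hit.Address } else { '' })
            OwnerPid  = $(if ($hit) { $hit.OwnerPid } else { $null })
        }
    }
}

# Constructed sample lines (not captured from a real server).
$sample = @(
    '  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4',
    '  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1520',
    '  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       4',
    '  TCP    10.0.0.5:8080          10.0.0.9:50212         ESTABLISHED     4'
)

Get-TfsPortListeners -Ports $TfsDefaultPorts -NetstatLines $sample |
    Select-Object Port, Service, Listening, Address, OwnerPid |
    Format-Table -AutoSize
```

On the server itself, omit `-NetstatLines` to read live data; `tasklist /svc /fi "PID eq <pid>"` maps an OwnerPid to the services it hosts.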

Supported Operating System Requirements for TFS 2013

by garyg 3. December 2014 10:14

If anything, the supported OS’s got tighter this release with the elimination of some platforms. You can use:

Server OS’s (Server Core Installations not supported):

· 64-bit versions of Windows Server 2012 R2 (Essentials, Standard, Datacenter)

· 64-bit versions of Windows Server 2012

· 64-bit versions of Windows Server 2008 R2 (Standard, Enterprise, Datacenter)

· Windows Small Business Server 2011 (Standard, Essentials, Premium Add-On)

For the love of sanity, if you choose to go the SBS route, make sure you have calculated the requirements for your fully configured SBS server with all its components (Exchange, etc.), then ADD the Team Foundation Server requirements in addition to those. Better yet would be to use it in your deployment, but not as a single server TFS solution.

For installations of TFS or SQL Server with Windows Server 2008 R2, you need .NET Framework 3.5 installed. On Windows Server 2008 R2, you can install .NET Framework 3.5 by using the Add Features Wizard from Server Manager.

Supported Client Operating System Requirements:

· Windows 8.1 (Basic, Professional, Enterprise)

· Windows 8

· Windows 7 (Home Premium, Professional, Enterprise, Ultimate, SP1 minimum)

Best to use a client OS only as a test install for a proof of concept. You will not be able to install SharePoint, Reporting, TFSProxy. What does this mean for you? No website to collaborate, no HTML project reports, and you won’t be able to proxy source files. Move to a server OS above for any production use. I always find it amazing when I see questions on “performance issues”, then find someone using a client operating system. Also, the “Standard” install isn’t supported on a client OS since it installs SharePoint. Have I talked you out of trying to do this on the cheap with a client OS yet? Very good.

Performance and Planning

Nothing gets more hotly contested in systems engineering circles than performance recommendations. The recommendations in the table below come directly from Microsoft. They are the minimum. Take special note of the new hard disk requirements. Also, the numbers below do not include recommendations for SharePoint installed on the same server, those recommendations are in the next section. My notes from my personal experience are in a note below.

Hardware

The following table reviews the general hardware recommendations for Team Foundation Server, broken out by tier or role. These are good starting recommendations but you need to keep in mind any local considerations that may increase these.

Table 1-3. Scaling and Performance Recommendations

| Number of users | Role | Configuration | CPU | Memory | Hard disk |
| --- | --- | --- | --- | --- | --- |
| Less than 250 users | TFS Server | Single-server (Team Foundation Server and the Database Engine on the same server). | 1 single core processor at 2.13 GHz | 2 GB | 1 disk at 7.2k rpm (125 GB) |
| 250 to 500 users | TFS Server | Single-server (Team Foundation Server and the Database Engine on the same server). | 1 dual core processor at 2.13 GHz | 4 GB | 1 disk at 10k rpm (300 GB) |
| 500 to 2,200 users | TFS Server | Dual-server (Team Foundation Server and the Database Engine on different servers). | 1 dual core Intel Xeon processor at 2.13 GHz | 4 GB | 1 disk at 7.2k rpm (500 GB) |
| | Database Server | This is for the Database Engine portion with 500 to 2,200 users. (For above configuration) | 1 quad core Intel Xeon processor at 2.33 GHz | 8 GB | SAS disk array at 10k rpm (2 TB) |
| 2,200 to 3,600 users | TFS Server | Dual-server (Team Foundation Server and the Database Engine on different servers). | 1 quad core Intel Xeon processor at 2.13 GHz | 8 GB | 1 disk at 7.2k rpm (500 GB) |
| | Database Server | This row is for the Database Engine with 2,200 to 3,600 users. (For above configuration) | 2 quad core Intel Xeon processors at 2.33 GHz | 16 GB | SAS disk array at 10k rpm (3 TB) |

Scaling Tips – 1 to many

So you need more performance out of your Team Foundation Server 2013 installation. The first step would be to make sure you meet the minimum requirements in this chapter. Since there are a lot of scenarios here, let’s consider this one: you’re starting to max out on your single server installation. The one axiom you will note in any system performance recommendation chart is that you can never have enough RAM, fast enough processors, or fast enough disk subsystems to support everything on one system. So what in general should you scale out to? It really depends on which components in the Team Foundation Server are the most heavily used. For a lot of people, that ends up being the SharePoint Server. After that, move your databases to a separate SQL Server and Reporting Services server. Now, I covered a very select scenario here, and yours may be different. For more advanced considerations I’d highly recommend reading up on Team Foundation Server performance recommendations in the Visual Studio ALM Rangers guide here http://vsarplanningguide.codeplex.com/ .

Planning for Team Foundation Server

by garyg 5. November 2014 05:36

TFS Architecture Overview

Since TFS has a lot of moving parts, I thought I’d give you a picture of how it all fits together. Now before I get a lot of hate mail on this, it is a simplified chart and I’m likely going to leave off someone’s favorite feature. All the big pieces are here though. The purpose is to give the reader an idea of how what we are discussing fits in the big TFS picture.

There are also a number of different deployment options that will have an effect on the final look of your architecture, such as scaled out servers and High Availability (HA) database options. This should serve as a good general reference though as we move through the book, as shown in Figure 1-1.

Figure 1-1. TFS Architecture Reference


Installation Considerations

There are a few pieces of information we need to collect and a few configuration tasks we’ll need to make sure have been completed properly. Here we’ll cover the system requirements and provide a handy checklist you can use so you aren’t hunting around for critical information when you are anxious to begin.

Basic Requirements

One “new” requirement, for the last release as it is for this one, is a 64-bit server OS. I know this is really not “new” news for everyone, but if you haven’t had to install or upgrade an Operating System in a while this may come as a surprise. Also, you may require different hardware to support a 64-bit Operating System (check with your hardware manufacturer on this). If this applies to you, now you may have that justification you were looking for on ordering that new server.

You may have had no reason to upgrade your Operating System before but to run TFS you will need to have a 64 bit server. Running TFS brings the perfect justification for upgrading your OS!

Another question I’m getting these days for just about everything is whether this (Team Foundation Server 2013 in this case) will support a Server Core installation. It will not (more information on the Core Installation Option here http://technet.microsoft.com/en-us/library/cc771345(v=ws.10).aspx). There is just not enough of what TFS needs with this option.


Tags:

ALM | TFS

Book Excerpts Ahead

by garyg 1. October 2014 09:12

Hey folks, just a heads up to keep an eye out for excerpts from my upcoming book here.  Publication date sometime around early summer 2015.

Tags:

ALM | TFS

Permissions and Security for Team Foundation Server 2012 and Project Server 2010

by GaryG 15. January 2014 19:54

Permissions and security (Must know)

In this chapter we'll examine the various permissions, services accounts needed, and various roles involved in this integration. We'll also cover the steps you'll need to perform to set each of these. Please keep in mind that depending on your unique environment, and re-use of existing accounts and groups, some of these permissions may have already been granted.

Getting ready

To begin with, we need to make sure we are set up for success. Let's look at this from a server by server view:

  • Team Foundation Server: In order to perform any of the operations in this chapter you will need to belong to the Team Foundation Administrators group (alternatively, you could set the View instance-level information and Edit instance-level information permissions to Allow). You'll also need to have access to the Team Foundation Server Administration Console page (alternatively, you could use the Group Membership dialog box in Team Explorer, but the Team Foundation Administration Console page is much easier to work with for this).

Team Foundation Server Administration Console

  • Project Server: In Project Server, you'll need the Manage users and groups global permission for an instance of Project Web Access or PWA. To set these, you'll need access to the Project Server through PWA.

Project Web App

  • SQL Server: To grant Project Server 2010 permissions for the reporting database, you need to be a member of the administrators' security group for the SQL Server databases for Project Server.
  • SharePoint: In SharePoint, you must belong to the Farm Administrators group, the administrators group for the web application that supports Project Server, or the SharePoint Administration group. The exact group membership you will use will depend on the specifics of your deployment.

Required permissions matrix for integration with Project Server 2010. Detailed instructions on how to set these are below this reference table:

Account in context: Service account for Team Foundation Server

Team Foundation permissions: N/A

Project Server 2010 permissions: Set the following Global and Category permissions to the service account for Team Foundation Server:

The Global permissions for the following users are:

  • Admin: Manage Enterprise Custom Fields, Manage Server Events, Manage Site Services, and Manage Users and Groups
  • General: Log On, New Task Assignment, and Reassign Task
  • Project: Build Team on New Project
  • Views: View Approvals, View Project Center, View Resource Center, and View Task Center

The Category permissions for the following users are:

  • Project: Open Project and View Project Site
  • Resource: View Enterprise Resource Data

Grant Full Control permissions to start the Project Server Service Application.

Account in context: Service account for the Project Server web application pool

Team Foundation permissions: N/A

Project Server 2010 permissions: Grant the service account for the Project Server web application pool the following SQL Server permissions for the PWA reporting database:

  • Alter any Schema
  • Create Table
  • Delete
  • Execute
  • Insert
  • Select
  • Update

For the PWA Publish database, grant the Select permission.

Account in context: Service account for the Project Server event handler

Team Foundation permissions: N/A

Project Server 2010 permissions: Full Control permissions to the Project Server Service Application.

Account in context: Users who configure the integration by running the TfsAdmin, ProjectServer, and RegisterPWA/UnRegisterPWA commands

Team Foundation permissions: Add these users to the Team Foundation Administrators group.

Project Server 2010 permissions: Add these users to the Administrators group for each instance of PWA that you will register with TFS.

Account in context: Accounts of users who configure the integration by running TfsAdmin and ProjectServer commands but who do not register or unregister instances of PWA

Team Foundation permissions: Grant the Administer Project Server integration permission to these users.

Project Server 2010 permissions: N/A

Account in context: User accounts assigned as resources in the project plan or to the "Assigned To" field for a work item

Team Foundation permissions: Add accounts of team members to the contributor group for the team project.

Project Server 2010 permissions: Add team members to the Team Members group for PWA, or grant them the Open Project and View Project Site permissions in project. You must also add these accounts to the enterprise project pool and to the resource pool for the project plan.

Account in context: Accounts of users of Project Professional.

Team Foundation permissions: Grant view project-level information or assign them as members of the project Reader group.

Project Server 2010 permissions: Add these accounts to the Project Manager group on Project Server.

How to do it...

We'll lay the steps out here by subject to make it easy to follow and refer back to later.

  • Granting Team Foundation Administrative Permissions:

    In order to configure the integration of Team Foundation Server and Project Server, you must have permissions to administer Team Foundation Server or at least a team project collection. For both configuration and synchronization, you must also grant permission to administer Project Server integration to the user who will configure the integration of the two server products. Following are the steps to show how to grant this permission:

  1. Launch the Team Foundation Server Administration Console page.

Team Foundation Server Administration Console, Administer Security

  2. Expand the server node (Application Tier), click on Team Project Collections, click on a collection, and then click on the Administer Security option.
  3. In the Global Security window, click on [Collection]\Project Collection Service Accounts.
  4. Under Permissions for the Administer Project Server integration, select the Allow checkbox.
  5. Click on the Close option to close the Global Security window.
  • Granting Project Server Permissions:

    You minimally need to grant Project Server permissions as follows:

  1. Add the account of the user who will register an instance of PWA to Team Foundation Server to the administrators group
  2. Either add the service account for Team Foundation Server to the administrators group, or grant that account the minimum set of Global and Category permissions as described in the previous reference table.
  3. Add the accounts of any Team Foundation members who will submit status updates to Project Server to the Team Members group
  • Adding an account to Project Server and assigning it to the administrators group for Project Server 2010:
  1. From the PWA home page, in the Quick Launch area (from the side menu, on the left-hand side, scroll all the way down), select Server Settings.
  2. From the Server Settings page, select Manage Users.
  3. From the Manage Users page, select New User. This will begin the creation of a new user account. You will return here as needed to add additional administrators.
  4. On the New User page, enter at least the required fields. Some things to keep in mind as you are doing this are:
    1. Uncheck the checkbox for User can be assigned as a resource if the account is a service account. This would be left as default for normal users, but not for an administrator.
    2. In the User Authentication field, enter the account name of the user or service account you want to use.
    3. Uncheck the checkbox for Resource can be leveled if the account is an administrator or a service account. This would be left as default for normal users, but not for an administrator as noted previously.
    4. Lastly, you'll need to add the account to the Administrators group: from Security Groups, select Administrators in the list and then click on Add.
  5. Click on Save.

Project Web App, New User

  • Granting the minimum Global permissions to the service account for Team Foundation Server:
  1. From the PWA page, in the Quick Launch area, click on the Server Settings option.
  2. From the Server Settings page, click on Manage Users.
  3. From the Manage Users page, click on New User.
  4. From the New User page, type the required information in each field. Note the following:

    Clear the checkbox for User can be assigned as a resource because the account is a service account.

    For user authentication, type the account name of the service account.

    To assign Global Permissions, select the Allow checkbox for each permission that you want to set, as specified earlier in this topic.

  5. Click on Save.
  • Granting Category permissions to the service account:
  1. From the home page for PWA, in the Quick Launch area, click on the Server Settings option.
  2. From the Server Settings page, click on the Manage Categories option.
  3. From the Manage Categories page, click on the New Category option.
  4. From the Add or Edit Category page, type a name for the service account category. For example, type Servicing Account.
  5. Under the Available Users list, click on the name of the service account for Team Foundation Server, and then click on Add.
  6. Under the Projects list, click on the All current and future projects in Project Server database option.
  7. Click on Save.
  • Adding Team Foundation members to the Team Members group:
  1. From the home page for PWA, in the Quick Launch area, click on Server Settings option.
  2. From the Server Settings page, in the Security section, click on the Manage Groups options.
  3. From the Manage Groups page, click on the Team Members option.
  4. From the Add or Edit Group page, hold down the Shift key, click on the users whom you want to add from the Available Users list, and then click on Add.
  5. Under Categories, verify or add My Tasks from Available Categories to Selected Categories.
  • Adding the Service Account for Team Foundation Server to the Project Server Service Application for Project Server 2010:

    In order to enable status update processing by the synchronization engine for integration with Project Server 2010, you must add the service account for Team Foundation Server to the Project Server Service Application. This can be done through SharePoint Central Administration; alternatively, you could use Windows PowerShell (not covered here).

    Following are the steps to add the Service Account using SharePoint Central Administration:

  1. Launch the SharePoint Central Administration page for Project Server.
  2. Under Application Management, choose the Manage service applications option.
  3. From the Manage Service Applications page, highlight the Project Server Service Application row by clicking within the row but not the name of the application.

    The ribbon will now be available.

  4. In the ribbon, select the Permissions option.
  5. In the Connection Permissions for Project Server Service Application dialog box, type the name of the service account, and then select Add.
  6. In the middle pane, make sure that the name of the newly added service account is highlighted.
  7. In the bottom pane, select the Full Control checkbox, and then select OK.

Manage Service Applications dialog box, for step 3

  • Granting Permissions to PWA databases to the service account for the web application pool for Project Server 2010:

    To enable data synchronization, you need to grant permissions to the service account for the web application pool to update two SQL Server databases for each instance of PWA for Project Server 2010.

    Following are the steps to grant permissions to a database for an instance of PWA:

  1. Log on to the data-tier server for Project Server.
  2. Select SQL Server Management Studio from Start | All Programs | Microsoft SQL Server 2008.
  3. The Connect to Server dialog box will now open.
  4. In the Server type list, select Database Engine.
  5. In the Server name field, type the name of the server that hosts the databases for Project Server, and then select Connect. (If SQL Server is installed on a cluster, type the name of the cluster, not the computer name. If you have specified a named instance, type the server and instance name in the following format: DatabaseServer\InstanceName. If you have Project Server and SQL Server installed on the same machine, the localhost name that this dialog box defaults to, will work fine.)
  6. The SQL Server Management Studio page opens.
  7. Expand the Databases option, open the shortcut menu for the database for the instance of PWA (for example, PWA_Reporting), and then select Properties.
  8. Under Select a page, select Permissions.
  9. Add the service account of the web application pool for Project Server, and grant the required permissions. For example, Alter any Schema, Create Table, Delete, Execute, Insert, Select, and Update are the permissions required for the reporting database.
  10. On the Publishing database (PWA_Published), grant the Select permission.
  11. Repeat steps 7 through 10 for each instance of PWA that will participate in data synchronization with Team Foundation Server.

Database Properties, Permissions dialog box, for step 8

There's more...

Although we've covered most of the key parts already, there are a few other things you might want to consider. We'll cover those in the following section.

Logon permission for services

You must grant all service accounts for Project Server and SharePoint products permission to log on to the computer on which the service is running.

Service account permissions

The service account for Team Foundation Server also runs the Team Foundation Background Job Agent Service. All TfsAdmin commands are run in this service account's context, except for the /RegisterPWA and /UnregisterPWA options, which are run under the executing user. The Team Foundation Background Job Agent Service manages data synchronization processes. This service account requires permissions to access each instance of PWA that has been mapped and permissions to call Project Server integration services.

 

About this Excerpt:

Portions of this excerpt were re-published by the author (me).  The full book is available for purchase here http://www.amazon.com/dp/1849688540/?tag=packtpubli-20.  Note that some content may be different (pictures, charts, etc.) as I'm trying to format this post for the web.

Initial Configuration Integration for Team Foundation Server 2012 and Project Server 2010

by GaryG 14. October 2013 20:47

Initial integration configuration (Should know)

These are the minimal steps you'll need to perform in order to complete the initial configuration of Team Foundation Server and Project Server. You may need more steps depending on specific site requirements. Please complete them in the order listed for predictable results.

Getting ready

In order to run the TfsAdmin command-line tool indicated in some of these steps, you will need to run it in an elevated command prompt (right-click on the command prompt in the Start menu and select Run as administrator).

How to do it...

We'll lay the steps out here by subject to make it easy to follow and refer back to later.

Integration:

You'll also need to change directory to C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE, or add it to your path. Open a command prompt from the Start menu, then use the following steps:

  1. Register an Instance of PWA. Each instance must be registered.

    Tool Used: TfsAdmin

    1. Open a Command Prompt from the Start Menu.
    2. Run the following command (without the <> brackets):

    TfsAdmin ProjectServer /RegisterPWA /pwa:<pwaUrl> /tfs:<tfsUrl>

    that is,

    TfsAdmin ProjectServer /RegisterPWA /pwa:http://tfspsdemo/PWA /tfs:http://tfspsdemo:8080/tfs/

  2. Map the PWA instance with a team project collection.

    Tool Used: TfsAdmin

    1. Open command prompt from the Start menu.
    2. Run the following command (without the <> brackets):

    TfsAdmin ProjectServer /MapPWAToCollection /pwa:<pwaUrl> /collection:<tpcUrl>

    that is,

    TfsAdmin ProjectServer /MapPWAToCollection /pwa:http://tfspsdemo/PWA /collection:http://tfspsdemo:8080/tfs/DefaultCollection

    Map each instance of PWA that supports an enterprise project plan.

  3. Upload default field mappings.

    Tool: TfsAdmin

    1. Open command prompt from the Start menu.
    2. Run the following command (without the <> brackets):

    TfsAdmin ProjectServer /UploadFieldMappings /collection:<tpcUrl> /useDefaultFieldMappings

    that is,

    TfsAdmin ProjectServer /UploadFieldMappings /collection:http://tfspsdemo:8080/tfs/DefaultCollection /useDefaultFieldMappings

    We must define the field mappings for each project collection that we have mapped to an instance of PWA. You can use the default field mappings to begin with and customize if you need to (many organizations use this right out of the box).

  4. Associate an enterprise project plan with a team project.

    Tool: TfsAdmin

    1. Open command prompt from the Start menu.
    2. Run the following command (without the <> brackets):

    TfsAdmin ProjectServer /MapPlanToTeamProject /collection:<tpcUrl> /enterpriseproject:<ProjectServerPlanName> /teamproject:<TfsProjectName> /workitemtypes:<ListOfTypes>

    that is,

    TfsAdmin ProjectServer /MapPlanToTeamProject /collection:http://tfspsdemo:8080/tfs/DefaultCollection /enterpriseproject:MyEnterpriseProject /teamproject:MyTfsTeamProject /workitemtypes:"User Story,Task"

    Do not include a space after the comma for the workitemtypes parameter. If you mapped a plan while it was open, re-open it to register the changes. Look for the Publish to Team Project and Work Item Type columns to indicate that the mapping has been completed.

    The /nofixedwork flag is optional. Use this only if you want Project Server tasks that are mapped to work items in Team Foundation Server not to be assigned to the Fixed Work task type.

  5. Add team members to the enterprise resource pool.

    Tool: Project Web App

    On each task that is published to the team project, you need to assign a valid member of the team project as a resource. You also need to identify any team member who submits work items that are synchronized with Project Server. To identify valid contributors, you must add team members from the enterprise resource pool to the resources for the enterprise project plan.

    Please refer to detailed instructions at the following location: Add Team Foundation members to the Team Members group in the recipe, Managing Project Server. Also please refer to details on this function at http://office.microsoft.com/en-us/project-help/add-resources-to-the-enterprise-resource-pool-HA010377760.aspx.

  6. Verify synchronization.

    The last step in setting up the initial integration is to verify the synchronization. Please refer to Verifying Synchronization in the following recipe, Managing Project Server.

 

 


Configuring Initial Permissions for Integration of Team Foundation Server 2012 and Project Server 2010

by GaryG 13. August 2013 20:37

Configuration of initial permissions (Must know)

We'll cover the initial permission configuration required and the steps to get you through configuring these for Team Foundation Server Extensions for Project Server in this recipe. These are not all the permissions in setting the complete system up, but just the ones required to begin configuration. It is possible that in a large enterprise installation, you will need to separate the requests to get them set by several individuals. This should help with facilitating that.

Getting ready

In the previous recipe we installed the integration. Now we'll build off of that as we configure the integration. Please take a moment to review the work we've done previously before we begin.

Also, it might be handy at this point to review the summary for steps we will be following in this recipe and in other recipes:

Entire configuration workflow

 

To initially configure the permissions required, you will need to assign administrative permissions of Team Foundation Server and an instance of Project Web App (PWA) to a user who will be responsible for the configuration of these products. You will use the Team Foundation Server Administration Console page for most of the Team Foundation Server permissions, and the Project Security dialog box or Manage Users / Manage Groups web pages for PWA. Please note these are the minimum configurations you'll need to perform for permissions; your installation may need more depending on your specific site requirements.

How to do it...

We'll lay the steps out in the following section by subject to make it easy to follow and refer back to later.

Firstly, we will be setting initial permissions.

You should perform the following modifications in the given order:

  1. Adding a user to the Team Foundation Administrators group:

    Account(s): This is the account(s) that will be used to configure the integration of the Team Foundation Server. If this is the same user who installed Team Foundation Server, then this task would already be done during that product's installation and configuration.

    1. Open the Team Foundation Server Administration Console page from the Start menu of the Team Foundation Server.
    2. Navigate to the Group Membership dialog (Team Foundation Server Administration Console | Application Tier | Group Membership) to add this account to the Team Foundation Administrators group.

    This user will be using the command-line tool TfsAdmin, which is installed by Visual Studio 2012 during its installation.

  2. Setting the Administer Project Server integration permission to Allow for the account:

    Account(s): These are the accounts of the project managers or other users who will manage the mapping of enterprise projects.

    1. Open the Team Foundation Server Administration Console page from the Start menu of the Team Foundation Server.
    2. Navigate to the Team Foundation Server Administration Console | Team Project Collections | Administer Security dialog box, add the account, and set the Administer Project Server integration permission to Allow for the user or group.

    This is a project collection level permission.

  3. Granting the Manage Security global permission to each instance of PWA that you will register with Team Foundation Server:

    Account(s): These are the account of the user who will configure the integration of Team Foundation Server and Project Server (or who registers the instances of PWA with Team Foundation Server) and the service account for Team Foundation Server.

    1. Open the PWA Site in Internet Explorer at http://tfspsdemo/PWA/default.aspx.
    2. Navigate to Project Web App | Edit User | Selected User | Global Permissions Section | Manage Security.

    Every service account for Project Server and SharePoint Products must be granted interactive logon permissions for the computer on which the service is running. This is not a usual permission for services so it bears special mentioning. You will need to repeat this on every PWA instance.

  4. Granting Full Control permissions to invoke the Project Server Service Application:

    Account(s): This is the service account for Team Foundation Server.

    We will use SharePoint Central Administration using the following steps:

    1. Run the SharePoint Central Administration page from the Start menu.
    2. In the Application Management section, click on the Manage Service Applications option (many service applications will be listed here normally).
    3. From the Manage Service Applications page, select the row for Project Server Service Application by clicking within the row but not right on the name of the application, that is, don't double click on it. If you do, no big deal, you just need to go back to the previous step and try it again.

    The ribbon should then become available.

    4. In the ribbon you should see a Permissions icon, click on the Permissions icon now.
    5. Within the Connection Permissions for Project Server Service Application dialog box, enter the name of the service account you will be using for this service, and then click on Add. You can go back and change this later if you need to.
    6. In the middle pane, ensure that the name of the service account that you just added is still highlighted, if not please highlight it now.
    7. From the bottom pane, select the Full Control checkbox then click on OK.

SharePoint central administration, Service Application permissions

  5. Granting SQL Server database permissions:

    Account(s): This is the service account for the web application pool for Project Server 2010 (you can find this by opening Application Pools in IIS Manager | Connections).

    Since the following commands can take some time, there is also a handy PowerShell script you can use which is at the end of the Summary section.

    We will grant permissions to PWA databases to the service account for the web application pool for Project Server 2010.

    To enable data synchronization, you need to grant permissions to the service account for the web application pool to update two SQL Server databases for each instance of PWA for Project Server 2010.

    To grant permissions to a database for an instance of PWA:

    1. Log on to the data-tier server for Project Server.
    2. Select SQL Server Management Studio from Start | All Programs | Microsoft SQL Server 2008.
    3. The Connect to Server dialog box will now open.
    4. In the Server type list, select Database Engine.
    5. In Server name, type the name of the server that hosts the databases for Project Server, and then select Connect. (If SQL Server is installed on a cluster, type the name of the cluster, not the computer's name. If you have specified a named instance, type the server and instance name in the following format: DatabaseServer\InstanceName. If you have Project Server and SQL Server installed on the same machine, the localhost name that this dialog box defaults to will work fine.)

    6. SQL Server Management Studio opens.
    7. Expand the Databases option, open the shortcut menu for the database for the instance of PWA (for example, PWA_Reporting), and then select Properties.
    8. Under the Select a page list, select Permissions.
    9. Add the service account of the web application pool for Project Server, and grant the required permissions. For example, the following permissions for the reporting database are required: Alter any Schema, Create Table, Delete, Execute, Insert, Select, and Update.
    10. On the publishing database (PWA_Published), grant the Select permission.
    11. Repeat steps 7 through 9 for each instance of PWA that will participate in data synchronization with Team Foundation Server.

Database Properties, Permissions dialog box

 

  6. Adding account(s) to the Team Members group of PWA:

    Account(s): These are the Team Foundation Server team members who will submit status updates to Project Server from a client of Team Foundation.

    1. Open the PWA site.
    2. In the PWA SharePoint site, add team members to the Team Members group for the PWA, or you must grant them the following minimum set of project permissions, namely, Open Project and View Project Site.
  7. Granting permissions to contribute to the team project in Team Foundation Server:

    Account(s): These are the users of Project Professional who will publish plans to Team Foundation.

    1. Open the Team Foundation Server Administration Console from the Start Menu.
    2. In Team Foundation Server Administration Console, grant View Project-level information permissions in Team Foundation, or assign them as members of the Reader group for the team project.
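
The database grants from the "Granting SQL Server database permissions" step above (the same grants as the "Granting Permissions to PWA databases" steps in the Permissions and Security recipe), written as T-SQL together with an audit query that compares what the account actually holds against that list. This is an added example, not the book's script: `DOMAIN\svc_pwa_apppool` is a placeholder account name, its server login is assumed to exist already, and the database names are the example names used in the steps.

```sql
-- Added example, not from the book. Placeholders and assumptions:
--   [DOMAIN\svc_pwa_apppool] = service account of the Project Server web
--   application pool (hypothetical name); its server login already exists.
--   PWA_Reporting / PWA_Published = the example database names from the steps.
-- Run in SSMS or sqlcmd (GO is their batch separator).

USE [PWA_Reporting];
GO
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'DOMAIN\svc_pwa_apppool')
    CREATE USER [DOMAIN\svc_pwa_apppool] FOR LOGIN [DOMAIN\svc_pwa_apppool];
GO
-- Reporting database: the seven database-level permissions listed in the steps.
GRANT ALTER ANY SCHEMA, CREATE TABLE, DELETE, EXECUTE, INSERT, SELECT, UPDATE
    TO [DOMAIN\svc_pwa_apppool];
GO

USE [PWA_Published];
GO
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'DOMAIN\svc_pwa_apppool')
    CREATE USER [DOMAIN\svc_pwa_apppool] FOR LOGIN [DOMAIN\svc_pwa_apppool];
GO
-- Publishing database: read access only.
GRANT SELECT TO [DOMAIN\svc_pwa_apppool];
GO

-- Audit: run this batch once in each database (change the USE line).
-- CONNECT is expected because CREATE USER grants it implicitly.
-- MISSING    = required by the steps but not granted
-- UNEXPECTED = granted at database level but not in the steps (review it)
USE [PWA_Reporting];
GO
WITH expected (permission_name) AS (
    SELECT v.permission_name
    FROM (VALUES
        (N'PWA_Reporting', N'CONNECT'),
        (N'PWA_Reporting', N'ALTER ANY SCHEMA'),
        (N'PWA_Reporting', N'CREATE TABLE'),
        (N'PWA_Reporting', N'DELETE'),
        (N'PWA_Reporting', N'EXECUTE'),
        (N'PWA_Reporting', N'INSERT'),
        (N'PWA_Reporting', N'SELECT'),
        (N'PWA_Reporting', N'UPDATE'),
        (N'PWA_Published', N'CONNECT'),
        (N'PWA_Published', N'SELECT')
    ) AS v (database_name, permission_name)
    WHERE v.database_name = DB_NAME()
),
actual (permission_name) AS (
    -- Catalog views use a fixed collation; align it with the database default.
    SELECT pe.permission_name COLLATE DATABASE_DEFAULT
    FROM sys.database_permissions AS pe
    JOIN sys.database_principals AS pr
      ON pr.principal_id = pe.grantee_principal_id
    WHERE pr.name = N'DOMAIN\svc_pwa_apppool'
      AND pe.class_desc = 'DATABASE'
      AND pe.state_desc IN ('GRANT', 'GRANT_WITH_GRANT_OPTION')
)
SELECT COALESCE(e.permission_name, a.permission_name) AS permission_name,
       CASE WHEN a.permission_name IS NULL THEN 'MISSING'
            WHEN e.permission_name IS NULL THEN 'UNEXPECTED'
            ELSE 'OK'
       END AS status
FROM expected AS e
FULL OUTER JOIN actual AS a
  ON a.permission_name = e.permission_name
ORDER BY status, permission_name;
GO
```

Role memberships such as db_owner do not appear in sys.database_permissions, so check sys.database_role_members for the same account as well. Object-level grants (class_desc other than DATABASE) are outside this comparison.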

There's more...

Although we've covered most of the key parts already, there are a few other things you might want to consider. We'll cover those in the following section.

If some of the steps given here are not detailed enough for you, not to worry. We cover many of the same ones in the recipe, Permissions and Security.

 


About the author

   
Gary Gauvin is a 20+ year Information Technologies industry leader, currently working as the Director of Application Lifecycle Management for CD-Adapco, a leading developer of CFD/CAE solutions. Working in both enterprise environments and small businesses, Gary enjoys bringing ROI to the organizations he works with through strategic management and getting hands-on wherever practical. Among other qualifications, Gary holds a Bachelor of Science in Information Technologies, an MBA, a PMP (Project Management Professional) certification, and PSM (Professional Scrum Master) certification.  Gary has also been recognized as a Microsoft Most Valuable Professional.

LinkedIn Profile: http://www.linkedin.com/in/garypgauvin
