Synchronization Services Installation¶

Installation of synchronization services (security sync and LDAP sync).

Documentation automatically generated from SyncMetadata.xml

Products¶

This installation is organized around different product:

Security Database Sync Service. Install synchronization windows service that consumes changes on security and apply them to legacy read-only schema on applications like Claims and Origin. Modules in this product are:
- Security Database Sync Service - Security Sync Service
Security Ldap Sync Service. Install synchronization windows service that polls changes on a Windows AD using LDAP and apply them into Sequel Security Services using the SecurityAPI. Modules in this product are:
- Security Ldap Sync Service - LDAP Sync Service
Security Azure AD Sync Service. Install synchronization windows service that polls changes on Azure AD apply them into Sequel Security Services using the SecurityAPI. Modules in this product are:
- Security Azure AD Sync Service - Azure AD Sync Service

Global settings¶

Global settings allow to define values that are reused across the different modules of the installation.

Environment Settings¶

Server level settings. Below table summarizes the available parameters under this category.

Parameter	Description
`AuthenticationServer`	URI where the Sequel Authentication Server is (or will be) available (subdomain.domain.tld). Default value: {var:CurrentMachine}.{var:USERDNSDOMAIN}.
`AuthenticationServerExternal` Public Authentication Server	Public URI where the Sequel Authentication Server is (or will be) available (subdomain.domain.tld). Default value: {var:CurrentMachine}.{var:USERDNSDOMAIN}.
`SecurityApiServer`	URI where the Sequel Security API Server is (or will be) available (subdomain.domain.tld). Default value: {var:CurrentMachine}.{var:USERDNSDOMAIN}.
`SecurityApiServerExternal` Public Security API Server	Public URI where the Sequel Security API Server is (or will be) available (subdomain.domain.tld). Default value: {var:CurrentMachine}.{var:USERDNSDOMAIN}.

IIS Settings¶

Configuration for Internet Information Services. Below table summarizes the available parameters under this category.

Parameter	Description
`AppPoolUserDomain`	Domain for the app pool user.
`AppPoolUserName`	Name of the app pool user.
`AppPoolUserPassword`	Password of the app pool user. This setting handles a password. `Encrypted`
`AppPoolUserPasswordConfirmation`	Password confirmation of the app pool user. `Encrypted`
`Protocol`	IIS Binding Protocol (http/https). Default value: .

Logging settings¶

Logging settings for the applications. Below table summarizes the available parameters under this category.

Parameter	Description
`DatabaseServer` Logging Server Instance	The instance of the SQL Server hosting the logging database.
`DatabaseName` Logging Database Name	The name of the logging database on the SQL Server.
`DatabaseServerIsAGListener` AG enabled	Determines whether the database server is an AlwaysOn Availability Group listener. Default value: `False`.
`Level` Logging Level	Logging level {Debug, Information, Warning, Error}. Default value: `Debug`.
`Type` Logs Output	Select the output of logs: MsSql or Console. Default value: `MsSql`.

RabbitMQ Settings¶

Configuration for RabbitMQ message bus. Below table summarizes the available parameters under this category.

Parameter	Description
`ServerUrl` RabbitMQ Server URL	The URL of the RabbitMQ server (rabbitmq://subdomain.domain.tld/virtualhost).
`UserName` RabbitMQ User Name	RabbitMQ user name.
`Password` RabbitMQ Password	Password of the RabbitMQ server account. This setting handles a password. `Encrypted`
`PasswordConfirmation` RabbitMQ Password Confirmation	Password confirmation of the RabbitMQ server account. `Encrypted`

Modules¶

Security Database Sync Service - Security Sync Service¶

Module Id: SecuritySyncService

Security Sync Service; depends on connectivity to a Claims/Origin database, a logging database and message bus where Security services are publishing the changes.

Parameter	Description
`ServicePath` Service destination folder	Security sync service destination folder in current machine. Default value: C:\Security\sequel-security-sync. `Mandatory`
`ServiceUser` Service User account	Security sync service user account. Default value: {gs:IIS.AppPoolUserDomain}{gs:IIS.AppPoolUserName}. `Mandatory`
`ServicePassword` Service User password	Security sync service user password. Default value: {gs:IIS.AppPoolUserPassword}. `Encrypted` `Password`
`ConnectionStrings.LegacySecurityDatabase` Legacy Security connection string	Connection string to access Workflow and Product Builder database which contains security info. E. g. : Data Source=DatabaseServer;Initial Catalog=DatabaseName;Integrated Security=True;MultipleActiveResultSets=True. `Mandatory`
`LoggingSettings. MsSqlLoggingSettings. ConnectionString` Logging Database Connection String	Connection string to the logging database shared by all services in the same environment. Default value: Data Source={gs:Logging.DatabaseServer};Initial Catalog={gs:Logging.DatabaseName};Trusted_Connection=True;MultipleActiveResultSets=true;MultiSubnetFailover={gs:Logging.DatabaseServerIsAGListener}. `Mandatory`
`LoggingSettings. MsSqlLoggingSettings. MinimumLogLevel` Logging sql level	Recommended value for production is `Information`. Valid choices are: `Debug`, `Information`, `Warning`, `Error`. Default value: `{gs:Logging.Level}`. `Mandatory`
`LoggingSettings. RollingFileLoggingSettings. PathFormat` Logging file path	Logs during start-up are logged to file, instead of using the logging in database. Use double back slash e. g: C:\Security\sequel-security-sync\log-{Date}.txt. Default value: C:\Security\sequel-security-sync\log-{Date}.txt. `Mandatory`
`LoggingSettings. RollingFileLoggingSettings. MinimumLogLevel` Logging file level	Recommended value for production is `Information`. Valid choices are: `Debug`, `Information`, `Warning`, `Error`. Default value: `{gs:Logging.Level}`. `Mandatory`
`LoggingSettings. ConsoleLoggingSettings. MinimumLogLevel` Logging Level	Logging level {Debug, Info, Warning, Error} (Console). Valid choices are: `Debug`, `Information`, `Warning`, `Error`. Default value: `{gs:Logging.Level}`. `Mandatory`
`LoggingSettings. ConsoleLoggingSettings. UseJsonFormatter` Use JSON Format (Console)	Output logs in JSON (Console). Valid choices are: `True`, `False`. Default value: `True`. `Mandatory`
`LoggingSettings.Type` Logs Output	Select the output of logs: MsSql or Console. Valid choices are: `MsSql`, `Console`. Default value: `{gs:Logging.Type}`. `Mandatory`
`MessageBusSettings.RabbitMqSettings.ServerUri` RabbitMQ server Url	The URL of the RabbitMQ server. Default value: {gs:RabbitMq.ServerUrl}. `Mandatory`
`MessageBusSettings.RabbitMqSettings.UserName` RabbitMQ user name	RabbitMQ User name. Default value: {gs:RabbitMq.UserName}. `Mandatory`
`MessageBusSettings.RabbitMqSettings.Password` RabbitMQ user password	RabbitMQ User password. Default value: {gs:RabbitMq.Password}. `Mandatory` `Encrypted` `Password`
`SynchronizationPolicies.DeletePolicy` Deletion policy	Synchronized policies deletetion policies. Valid choices are: `Physical`, `Logical`, `PhysicalThenLogical`. Default value: `PhysicalThenLogical`. `Mandatory`

Security Ldap Sync Service - LDAP Sync Service¶

Module Id: SecurityLdapSyncService

LDAP Sync Service; depends on connectivity to a Windows AD, Security API, a logging database and message bus used by Security services.

Parameter	Description
`LdapConnection.Host` LDAP connection host	URL of the LDAP server where the user's data is hosted (subdomain.domain.tld). `Mandatory`
`LdapConnection.Port` LDAP connection port	Port of the LDAP host to connect through. Default value: `636`. `Mandatory`
`LdapConnection.SecureConnection` Enable secure LDAP connection	Determines whether a secure connection will be used to communicate with the LDAP host. Valid choices are: `True`, `False`. Default value: `true`. `Mandatory`
`LdapConnection.DN` LDAP connection username	Username used to establish a connection with the LDAP host. `Mandatory`
`LdapConnection.Password` LDAP connection password	Password used to establish a connection with the LDAP host. `Mandatory` `Encrypted` `Password`
`AuthenticationSettings.ClientId` LDAP authentication client ID	Client ID for authentication when communicating with the Security API. Default value: `sec.app.ldapsync`. `Mandatory`
`AuthenticationSettings.ClientSecret` LDAP authentication client secret	Client secret for authentication when communicating with the Security API. Default value: EAAAAIzZCcYg3WCOblfpwF68yAKGLfoivFouXcJua4gRqRYK. `Mandatory` `Encrypted` `Password`
`ServiceDiscoverySettings.Mode` Service Discovery Mode	Service Discovery Mode: Consul or PointToPoint. This feature is an experimental feature. `PointToPoint` is the unique valid value for production environments. Valid choices are: `Consul`, `PointToPoint`. Default value: `PointToPoint`. `Mandatory`
`ServiceDiscoverySettings. RequiredServices. Authentication. InternalUrl` Authentication URL	URL where the Sequel Authentication application is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.AuthenticationServer}/Authentication. `Mandatory`
`ServiceDiscoverySettings. RequiredServices. Authentication. ExternalUrl` Public Authentication URL	Public URL where the Sequel Authentication application is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.AuthenticationServerExternal}/Authentication. `Mandatory`
`ServiceDiscoverySettings. RequiredServices. SecurityApi. InternalUrl` Security API URL	URL where the Sequel Security API is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.SecurityApiServer}/SecurityAPI. `Mandatory`
`ServiceDiscoverySettings. RequiredServices. SecurityApi. ExternalUrl` Public Security API URL	URL where the Sequel Security API application is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.SecurityApiServerExternal}/SecurityAPI. `Mandatory`
`ServicePath` Service destination folder	Security LDAP Sync service destination folder on the current machine. Default value: C:\Security\sequel-security-ldap-sync. `Mandatory`
`ServiceUser` Service user account	User account to run the Security LDAP Sync service. Default value: {gs:IIS.AppPoolUserDomain}{gs:IIS.AppPoolUserName}. `Mandatory`
`ServicePassword` Service user password	Password of the account to run the Security LDAP Sync service. Default value: {gs:IIS.AppPoolUserPassword}. `Encrypted` `Password`
`LoggingSettings. MsSqlLoggingSettings. ConnectionString` Logging Database Connection String	Connection string of the SQL Server logging database. Default value: Data Source={gs:Logging.DatabaseServer};Initial Catalog={gs:Logging.DatabaseName};Trusted_Connection=True;MultipleActiveResultSets=true;MultiSubnetFailover={gs:Logging.DatabaseServerIsAGListener}. `Mandatory`
`LoggingSettings. MsSqlLoggingSettings. MinimumLogLevel` Logging SQL level	Logging level {Debug, Info, Warning, Error}. Valid choices are: `Debug`, `Information`, `Warning`, `Error`. Default value: `{gs:Logging.Level}`. `Mandatory`
`LoggingSettings. RollingFileLoggingSettings. PathFormat` Logging file path	File path where the LDAP Sync service will log informationa and errors. Default value: C:\Security\sequel-security-ldap-sync\log-{Date}.txt. `Mandatory`
`LoggingSettings. RollingFileLoggingSettings. MinimumLogLevel` Logging file level	Logging level {Debug, Info, Warning, Error}. Valid choices are: `Debug`, `Information`, `Warning`, `Error`. Default value: `{gs:Logging.Level}`. `Mandatory`
`LoggingSettings. ConsoleLoggingSettings. MinimumLogLevel` Logging Level	Logging level {Debug, Info, Warning, Error} (Console). Valid choices are: `Debug`, `Information`, `Warning`, `Error`. Default value: `{gs:Logging.Level}`. `Mandatory`
`LoggingSettings. ConsoleLoggingSettings. UseJsonFormatter` Use JSON Format (Console)	Output logs in JSON (Console). Valid choices are: `True`, `False`. Default value: `True`. `Mandatory`
`LoggingSettings.Type` Logs Output	Select the output of logs: MsSql or Console. Valid choices are: `MsSql`, `Console`. Default value: `{gs:Logging.Type}`. `Mandatory`
`MessageBusSettings.RabbitMqSettings.ServerUri` RabbitMQ server URL	The URL of the RabbitMQ server. Default value: {gs:RabbitMq.ServerUrl}. `Mandatory`
`MessageBusSettings.RabbitMqSettings.UserName` RabbitMQ user name	RabbitMQ User name. Default value: {gs:RabbitMq.UserName}. `Mandatory`
`MessageBusSettings.RabbitMqSettings.Password` RabbitMQ user password	RabbitMQ User password. Default value: {gs:RabbitMq.Password}. `Mandatory` `Encrypted` `Password`

Security Azure AD Sync Service - Azure AD Sync Service¶

Module Id: SecuritySyncService

Azure AD Sync Service; depends on connectivity to a Azure AD, Security API, a logging database and message bus used by Security services.

Parameter	Description
`SyncProcessScheduler.StartingMode` Process Scheduler Starting Mode	Scheduler Starting Mode: AtFirstMessage or AtServiceInit. Sets when sync process scheduler will start: when first run sync message arrives o when sync service is started. Valid choices are: `AtFirstMessage`, `AtServiceInit`. Default value: `AtServiceInit`. `Mandatory`
`SyncProcessScheduler.CheckingInterval` Sync process checking interval	Interval for determine if a new synchronization process must be executed. This value will determine the delay between receive a run sync message a starting the sync process. Value must be greater than 5 seconds. Default value: `00:00:05`. `Mandatory`
`SyncProcessScheduler.MaxProcessExecution` Sync process max execution time	Maximum execution time for each sync process before be cancelled. Value must be greater than 60 seconds and less than 1 hour. Default value: `00:30:00`. `Mandatory`
`SyncDataSources.AzureAD.TenantId` Microsoft Azure Active Directory Tenant Id	The ID of the Azure Active Directory in which the application was created. `Mandatory`
`SyncDataSources.AzureAD.ClientId` Microsoft Azure Active Directory Client Id	The ID of the application created in the Azure Active Directory (also known as Application ID). `Mandatory`
`SyncDataSources.AzureAD.ClientSecret` Microsoft Azure Active Directory Client Secret	Authentication key string of the application created in the Azure Active Directory. `Mandatory` `Encrypted` `Password`
`AuthenticationSettings.ClientId` Web Sync authentication client ID	Client ID for authentication when communicating with the Security API. Default value: `sec.app.websync`. `Mandatory`
`AuthenticationSettings.ClientSecret` Web Sync authentication client secret	Client secret for authentication when communicating with the Security API. Default value: EAAAAIzZCcYg3WCOblfpwF68yAKGLfoivFouXcJua4gRqRYK. `Mandatory` `Encrypted` `Password`
`ServiceDiscoverySettings.Mode` Service Discovery Mode	Service Discovery Mode: Consul or PointToPoint. This feature is an experimental feature. `PointToPoint` is the unique valid value for production environments. Valid choices are: `Consul`, `PointToPoint`. Default value: `PointToPoint`. `Mandatory`
`ServiceDiscoverySettings. RequiredServices. Authentication. InternalUrl` Authentication URL	URL where the Sequel Authentication application is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.AuthenticationServer}/Authentication. `Mandatory`
`ServiceDiscoverySettings. RequiredServices. Authentication. ExternalUrl` Public Authentication URL	Public URL where the Sequel Authentication application is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.AuthenticationServerExternal}/Authentication. `Mandatory`
`ServiceDiscoverySettings. RequiredServices. SecurityApi. InternalUrl` Security API URL	URL where the Sequel Security API is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.SecurityApiServer}/SecurityAPI. `Mandatory`
`ServiceDiscoverySettings. RequiredServices. SecurityApi. ExternalUrl` Public Security API URL	URL where the Sequel Security API application is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.SecurityApiServerExternal}/SecurityAPI. `Mandatory`
`ServicePath` Service destination folder	Security Sync service destination folder on the current machine. Default value: C:\Security\Sequel.Security.Sync.Web. `Mandatory`
`ServiceUser` Service user account	User account to run the Security Sync service. Default value: {gs:IIS.AppPoolUserDomain}{gs:IIS.AppPoolUserName}. `Mandatory`
`ServicePassword` Service user password	Password of the account to run the Security Sync service. Default value: {gs:IIS.AppPoolUserPassword}. `Encrypted` `Password`
`LoggingSettings. MsSqlLoggingSettings. ConnectionString` Logging Database Connection String	Connection string of the SQL Server logging database. Default value: Data Source={gs:Logging.DatabaseServer};Initial Catalog={gs:Logging.DatabaseName};Trusted_Connection=True;MultipleActiveResultSets=true;MultiSubnetFailover={gs:Logging.DatabaseServerIsAGListener}. `Mandatory`
`LoggingSettings. MsSqlLoggingSettings. MinimumLogLevel` Logging SQL level	Logging level {Debug, Info, Warning, Error}. Valid choices are: `Debug`, `Information`, `Warning`, `Error`. Default value: `{gs:Logging.Level}`. `Mandatory`
`LoggingSettings. RollingFileLoggingSettings. PathFormat` Logging file path	File path where the Sync service will log informationa and errors. Default value: C:\Security\Sequel.Security.Sync.Web\log-{Date}.txt. `Mandatory`
`LoggingSettings. RollingFileLoggingSettings. MinimumLogLevel` Logging file level	Logging level {Debug, Info, Warning, Error}. Valid choices are: `Debug`, `Information`, `Warning`, `Error`. Default value: `{gs:Logging.Level}`. `Mandatory`
`LoggingSettings. ConsoleLoggingSettings. MinimumLogLevel` Logging Level	Logging level {Debug, Info, Warning, Error} (Console). Valid choices are: `Debug`, `Information`, `Warning`, `Error`. Default value: `{gs:Logging.Level}`. `Mandatory`
`LoggingSettings. ConsoleLoggingSettings. UseJsonFormatter` Use JSON Format (Console)	Output logs in JSON (Console). Valid choices are: `True`, `False`. Default value: `True`. `Mandatory`
`LoggingSettings.Type` Logs Output	Select the output of logs: MsSql or Console. Valid choices are: `MsSql`, `Console`. Default value: `{gs:Logging.Type}`. `Mandatory`
`MessageBusSettings.RabbitMqSettings.ServerUri` RabbitMQ server URL	The URL of the RabbitMQ server. Default value: {gs:RabbitMq.ServerUrl}. `Mandatory`
`MessageBusSettings.RabbitMqSettings.UserName` RabbitMQ user name	RabbitMQ User name. Default value: {gs:RabbitMq.UserName}. `Mandatory`
`MessageBusSettings.RabbitMqSettings.Password` RabbitMQ user password	RabbitMQ User password. Default value: {gs:RabbitMq.Password}. `Mandatory` `Encrypted` `Password`

Appendix¶

Global settings:

For accessing to previously defined global settings use the syntax: {gs:GLOBAL_SETTING_NAME}

Variables:

Deployment manager offer access to environment variable from the current process, like USERDNSDOMAIN. Also, other built-in variables are available like:

CurrentMachine: returns the machine name where the installation is executed.
RootFolder: returns the root folder where Deployment Manager is installed.

The syntax is {var:VARIABLE_NAME}. A sample of variable usage on attribute defaultValue:

<parameter xsi:type="Url" 
    name="Url"
    defaultValue="https://{var:CurrentMachine}.{var:USERDNSDOMAIN}/"
    />