Module 16:

Self-Service Portal

1
Lesson objectives
Self-Service Architecture

End User Portal

Analyst Portal

2
Self-Service Architecture

3
Architecture

4
Technology Layers
Custom Portal
(Cannot Host SM Webparts)
Prerequisites
Service Manager
Custom Data Base Installation
Webparts
Customization
SM
Web Parts Options:
Custom Add/Remove
Frontend Web Parts
Build New Frontend
Custom
Web Parts Build New Portal
SM Can be hosted on
Web Parts Data Access
SharePoint
SM Portal
Frontend
SharePoint

ASP.NET 3.0
IIS 7.0 Role
Windows Server 2008 & R2

5
Service Account
Must be Local Admin on Portal, SM MS, and SQL
Server
Must have System Admin Rights on SQL Server
Use SDK Service Account When Installing the
Portal

6
IIS Settings
Set AppPool Account to Service Account
Used in Setup
Enable Windows Authentication and Disable
Anonymous Authentication
Configure Portal Settings
Will Provide How-To Blog in Near Future

7
Enabled Scenarios
View global announcements
Search and view knowledge articles
Create incidents and change requests (IR &
CR)
View request status
IR, CR, SSSP
Password Reset (using FIM 2010)
Software provisioning (using ConfigMgr
‘07)
With or without approvals

8
Enabling Technologies
ASP.NET
IIS
SM SDK Infra
CMDB
SCCM Connector
Active-X control for getting machine name
Portal binaries packaged in Setup.MSI

9
Components of SCSM Portals
Client side
Browser
Active-X
Administrator UI
Server side
InProc SDK
Service Account
IIS
CMDB
Additional topics of interest
Creating SSSP “Software catalog”
Approval process for SSSP
Data flow and information exchange
10
Portal Internals – Part I
The ASP.NET portal will connect to Service manager DB via the in-process
SM server.
Portal is designed for distributed environments
The Data Access server is in running in the local IIS process hence it uses
the windows identity of Principal object in the HttpRequest.
Since the application pool of the ASP.NET portal application will be
configured to use a specific SM user identity we will be connecting to SM
as this user.

IIS
SM Portal
SvcMgr
SM Server Create/Update
Create/Update Instances
Instances   Query
  Query Results
Results Instance
Instance Properties
Properties
DB

11
Portal Internals – Part II
SSSP pulls SCCM Package data from SvcMgr DB
That data comes via the CM Connector
Those packages are exposed in the Portal section of the Admin UI
A “Software Catalog” is created by the Administrator
Done by associating packages with a deployment process and CR templates
That catalog is displayed to the user
A user comes to the Portal
Active-X gets the machine name
The user selects an application from the available list
A workflow process kicks-off based on the deployment process
SM initiates the software distribution process and tracks status
Software gets deployed by ConfigMgr agent and user gets the application

IIS SSP
SSP
Deployment
Deployment WMI
SM Portal Workflow
Workflow Prov
SvcMg
SM Server Create/Update
Create/Update Instances
Query
Query Results
Instances 
Results Instance
  
Instance Properties
Properties r DB
ConfigMgr
ConfigMgr ‘07
‘07
SM DAS SP1/R2
SP1/R2

12
Software Requests
Purpose:
To allow users to request software via web.
To automate approvals and routing of software
requests.
Limitations:
Only one program may be executed from a package.
Software offered is not scoped to Duplication
Template user groups/roles.
If a “New Change Request” workflow applies a template, it will
overwrite the template used by the software deployment process.

Installation of Portal ActiveX Client

Without the ActiveX Control deployed on the end user’s computer
the Software Deployment Feature will not work.

Each package only follows one software

deployment process
If a package is added to two software deployment processes, it will
only remain in the software deployment process that it was most
recently added to.
13
Software Requests
End User’s Computer Service Manager Configuration Manager
2. SCCM Connector Imports Packages 1. Existing Packages and
and Programs to Service Manager Programs

3. Admin Selects Program to be Executed

when Package is Requested

4. Administrator Creates Deployment

Process and Correlates Packages to
Templates

6. Administrator Publishes 5. Administrator Creates Desired Change

Software to the Portal Request Workflows

7. End User Requests 8. Change Request is Created with

Software Software Deployment Template

9. Change Request is Routed and

Approved

10. Software Deployment

Process Creates or Uses Existing
Advertisement and Targets it at a
Collection.

11. Software is Deployed

12. Result of Deployment is

13. Result of Deployment brought into obtained.
Service Manager

14. Change Request is Closed

14
Software Requests
• Software maps to a single program with an SCCM package
− Packages and programs are imported via SCCM connector
• SM Admin configures each package to be published to the End User Portal
− SCCM site server and site code need to be added to settings
− Select the program that is to be executed when an end user requests that application
(package)
− Select which packages should be published to the portal
− Create a software deployment process which should be used to map software (packages) to
templates.
• Users request software, which creates a change request for software to be
installed on the computer where the portal was running.
− Requires Portal ActiveX control to be installed on machine
• Software deployment workflow accesses SCCM to create advertisement for
requested software.
− Also creates collection if necessary
• Software deployment activity status workflow checks every 24 hours for
advertisement status
− Automatically updates CR is success, does not if failure.

15
Scenario: Automating End-user Software Request

Create Configure End User Manager Advertisement Software

Packages & SM Portal Requests Approves Delivered Deployed
Programs Software Request

End User Manager

16
Supported Topologies
Any Combination of Portal, SM Management
Server, SMDB (SQL), and SM Console
Multiple IIS Servers Under a Network Load
Balancer, with Each Node Hosting the Portal.

Portal + Management Server

You should be aware that although the portal and SM management server can
coexist on the same server, there is no way to individually uninstall one but not the
other. The same is true for the portal and SM Console.
17
Installation
Can run on any Server with IIS 7.0
IIS Application SM-App must run under a
domain user
The account you specify will be added to
the Workflows user role in Service Manager
IIS Web Site must use SSL
Get Certificate from a CA (use Web Server
Form)
Copy Certificate from User to Computer
“Personal Certificates”
18
Configuration
Set End User Portal Contact IT Settings
Set the Configuration Manager
Configuration
Configure Software Deployment Processes
Publish Software Packages

19
SharePoint Configuration
• Install Portal on SharePoint Server
• Copy Over Web Parts
• Add Files to GAC
• Edit Web.config file
• Create Pages

20
Modifying
You can remove Reset Password and
Request Software Links
Change Company Graphics in the Self-
Service Portal
Web parts can be shown in SharePoint
Self Service Portal cannot be modified or
change except for the things listed above,
eg. Adding fields or buttons

21
Password Reset Link
This is only a link to an existing Password Reset Webpage
Configuring Password Reset Link
Navigate to \inetpub\wwwroot\\System Center Service
Manager
Open:
Portal\EndUser\Home.aspx
Portal\EndUser\MasterPages\ServiceManagerPortal.master
Portal\EndUser\MasterPages\ServiceManagerCommandsMaster.master
Make the addition below in green
<SM_WebParts:HomePageTasks ID="HomePageTasksWebPart"
runat="server" Title=" " ResetPasswordUrl=”http://<link to password
reset URL>”/>
Save Changes

22
SM Console Settings
Configuring Portal Settings
Configuration Manager Software Deployment
Configuration
Site Server Name: Best practice is to use the central
site server.
Site Code: central site server site code.
End User Portal Contact IT Settings

Use the Central Site Server.

If two Configuration Manager Connectors are made to two site servers, the portal can
show the software for both, but when an end user requests software, it may submit
the requests to the incorrect site server. As a best practice, the connector and
software provisioning configurations should be made with the central site server who
will then delegate the work to the appropriate site servers.

23
Home Page Image – End User Portal

Create 216 (height) by 43 (length) size logo and save to the

following locations on the SSP Server:
\inetpub\wwwroot\System Center Service Manager
Portal\EndUser\MasterPages\Images
Go to \inetpub\wwwroot\System Center Service Manager
Portal\EndUser and open the following:
Home.aspx
\MasterPages\KnowledgeArticle.master
\MasterPages\ServiceManagerCommandsMaster.master
\MasterPages\ServiceManagerPortal.master
Replace highlighted text with the title of your image
<img src="MasterPages/images/Title_SelfServicePortal_MSFT.png"
alt="Self-service portal" border="0" />

24
Home Page Image – Analyst Portal

Create 216 (height) by 43 (length) size logo and

save to the following locations on the SSP Server:
\inetpub\wwwroot\System Center Service Manager
Portal\Analyst\Images
Open Using Notepad:
\inetpub\wwwroot\\System Center Service Manager
Portal\Analyst\MasterPage.master
Replace highlighted text with the title of your
image
<img src="Images\Title_ITAnalystPortal_MSFT.png"
alt="Analyst portal" border="0" />

25
Certificates
Portal by default uses port 443 which requires a
server certificate.
If you are not creating a domain certificate (I.e.
Lab Environment), use the following steps to
resolve the certificate error:
In IIS Manager, create a Self-Signed Certificate
Export the certificate to an accessible location
Open the MMC console on the client machine, and
add the certificate snap-in
Import the newly created certificate to the “Trusted
Root Certification Authorities” directory.

26
Self-Service End User

27
Self-Service Portal
Enabling the end-user

28
Self Service Portal
The self-service portal allows end users to
perform the following functions
Submit new incidents
View announcements
View and search knowledge base articles
Reset their password (requires Microsoft®
Forefront Identity Manager)
Self-service software provisioning (requires
System Center Configuration Manager 2007)
Contact support by e-mail, phone, or chat

29
Announcements
Purpose:
To reduce duplicate requests caused by problems with
the same root cause.
To keep end users informed about current and future IT
plans, events, issues, etc…
Created by Administrators Using the Service
Manager Console.
Visible in both the End User and Analyst Portals.

30
Knowledge
Purpose:
To allow end users to solve their own problems using SM
knowledge base.
Created by members of the “Author” and “Administrator”
roles using SM Console.
Appear in the portal only if they are published.
Top 10, based on analyst rankings, are shown on the home
page.

31
Self-Service Analyst

32
Analyst Portal
Purpose:
Enable Change Request and Activity users to
update work items without requiring SM
console.
User Can:
Approve/Deny Review Activities.
Mark Manual Activities as Completed/Failed.

Did you Give the Users the needed permissions?

The All Authenticated Users AD security group is put in the End Users user role out of
the box so that any users that can be authenticated will be able to use the portal as
an end user. With these permissions users do not have the right to use the analyst
portal. Any other user role has enough permissions to use the Analyst Portal.

33
Self-Service Analyst
In addition, the IT Analyst can perform the
administrative procedures on the self-
service portal:
View, edit, and delete announcements
View, edit, and delete top bar links
Change the company logo on the Web pages

34
Self Service Portal

35
Demonstration

Service Manager
Self-Service Portal

36
Service Manager Self-service
Portal Review Questions
Which two personas does the Self-service
Portal target against?

Name three functions / services that the

End-user portal provides?

Name three functions / services that the

Analyst portal provides?

37
Hands on Lab

Service Manager
Self-Service Portal

38
Summary
Understanding SSP Architecture
IIS
Web Certificate
Integration to SCCM
End-user
Submit Incident & Changes
Password Reset
Analyst
Approve Changes / Activities
Edit IT Announcements

39
 © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not
be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
40