If you haven’t seen it yet go check it out and give it a try with the Brian Keller VM.However, running Release Management in a production environment is different from running it installed on one single virtual machine. In this blog I want to share some info I found while trying to install Release Management in more complex environments.
Release Management Architecture
- Release Management Server. This component is installed on your TFS server and is the main part of Release Management.
- Release Management Client. The client tool is for DevOps what Visual Studio is for developers or Microsoft Test Manager for testers. You run it at your local pc and use it to setup deployments and monitor releases.
- Deployment Agent. This tool is installed at the servers you are targeting with your deployments. The Deployment Agent uses a pull model where it contacts the Release Management Server at a specified interval to check if there are new releases. This is done over HTTP(S) to avoid firewall problems.
However, when working with multiple domains things can get tricky. Fortunately, Microsoft has some great people working on Release Management who helped me out.
Connecting the Release Management Client from a different domain
Now let’s get started with the Release Management client. If you have external customers or internal employees that are not connected to your companies Active Directory Domain, you have two options when connecting a user.
The first option is to use the domain account of the user and add that to Release Management together with the local username:
- Add the domain account for the user to Release Management as both a Release Manager and a Service User.
- Add the username that the user is using on his local pc to Release Management as a Service User (and as a Release Manager if the user should be a Release Manager).
After configuring these two users, the Release Management server knows about your local machine account and about your domain account. Now you need to configure the client to know about both.
On the client machine, the user needs to add his domain account to the Credential Manager for the URL of your Release Management Server (like tfsrm.<yourdomain>.com)
And that’s it. After launching your client it will use the credentials from your credential manager and connect to Release Management with your local, non-domain account.
A second option you have is creating a shadow account on the Release Management machine. This shadow account should have the same username and password as your local pc account. This shadow account can then be added to Release Management and you can give it the appropriate permissions. This option is easier to configure since you don't need to configure the Credential Manager or use the domain account of the user. A problem with this option is that you need the password of the users local account. If that's a problem, you could have the user create a second account on their PC that's solely used for connecting the Release Management client.
Connecting the Release Management Deployment Agent from a different domain
- Create an account on your TFS server. For example: DeploymentAgentXXX with a strong password.
- Create the same account on your deployment server and make the account a local administrator.
- Add DeploymentAgentXXX to Release Management as a Service User.
- On the server where you want to install the deployment agent add the DeploymentAgentXXX account to your Credential Manager. Use the URL for your Release Management Server.
- Install the agent and use the DeploymentAgentXXX account in the configuration screen.
What about a proxy?
“Failed to configure Release management service user. Error: The remote server returned an error: (407) Proxy Authentication Required”.
You can fix this error by adding the following snippet to your app.config file located at Program Files (x86)\Microsoft Visual Studio 12.0\Release Management\bin\DeploymentAgent.exe.config:
<defaultProxy useDefaultCredentials="true" />
And that’s it! When you get the hang of it, it’s quite easy to setup Release Management and configure all the authentication settings.
Comments? Feedback? Any problems with getting Release Management up and running? Please leave a comment!