How to deploy with Release Management to remote datacenter

Question

We are running TFS and Release Management on premises, and i want to deploy my applications to a remote datacenter. Access is over the internet, so there is no windows shares available. I am using the vNext templates, and afaik RM seems to only support unc paths over windows shares.

How can i use Release Management to deploy software to this datacenter?

Im working on this solution: Use WebDav on a IIS located inside the datacenter. RM server and Target can use the WebDav client built into windows and access it by an unc path.

I haven't gotten this to work yet, as RM won't use the correct credentials to logon to the webdav server.

Updated with my solution This is only a proof of concept, and is not production tested.

1. Setup a WebDav site accessible from both RM server and Target server
2. Install the feature "Desktop experience" on both servers

3. Make the following DLL

   using System;
   using System.ComponentModel.Composition;
   using System.Diagnostics;
   using System.IO;
   using Microsoft.TeamFoundation.Release.Common.Helpers;
   using Microsoft.TeamFoundation.Release.Composition.Definitions;
   using Microsoft.TeamFoundation.Release.Composition.Services;
   namespace DoTheNetUse
   {
     [PartCreationPolicy(CreationPolicy.Shared)]
     [Export(typeof(IThreadSafeService))]
     public class DoTheNetUse : BaseThreadSafeService
     {
       public DoTheNetUse() : base("DoTheNetUse")
       {}
   
       protected override void DoAction()
       {
     Logger.WriteInformation("DoAction: [DoTheNetUse]");
     try
     {
       Logger.WriteInformation("# DoTheNetUse.Start #");
   
       Logger.WriteInformation("{0}, {1}", Environment.UserDomainName, Environment.UserName);
       {
         Logger.WriteInformation("Net use std");
         var si = new ProcessStartInfo("cmd.exe", @"/c ""net use \\sharedwebdavserver.somewhere\DavWWWRoot\ /user:webdavuser webdavuserpassword""");
         si.UseShellExecute = false;
         si.RedirectStandardOutput = true;
         si.RedirectStandardError = true;
   
         var p = Process.Start(si);
   
         p.WaitForExit();
         Logger.WriteInformation("Net use output std:" + p.StandardOutput.ReadToEnd());
         Logger.WriteInformation("Net use output err:" + p.StandardError.ReadToEnd());
       }
       //##########################################################
           Logger.WriteInformation("# Done #");
         }
         catch (Exception e)
         {
           Logger.WriteError(e);
         }
       }
     }
   }
   

4. Name it "ReleaseManagementMonitor2.dll"

5. Place it in the a subfolder to The service "ReleaseManagementMonitor"
6. Configure the shared path as the solution below states.

DO NOT OVERWITE THE EXISTING "ReleaseManagementMonitor2.dll"

The reason that this works is MEF. The ReleaseManagementMonitor service tries to load the dll "ReleaseManagementMonitor2.dll" from all subfolders. This dll implements a service interface that RM recognises. It the runs "net use" to apply the credentials to the session that the service runs under, and thereby grants access to the otherwise inaccessible webdav server.

This solution is certified "Works on my machine"

Answer 1

RM does work only with UNC, you are right on that.

You can leverage that to make your scenario work -
In Theory

• Create a boundary machine on the RM domain, where your drops can be copied.
• The deploy action running on your datacenter can then copy bits from this boundary machine, using credentials that have access on that domain. (These credentials are provided by you in the WPF console)

How this works

1. Have a dedicated machine on the RM server domain (say D1) that will be used as a boundary machine.

2. Define this machine as a boundary machine in RM by specifying a shared path that will be used by your data centre. Go to settings tab in your WPF console, create a new variable - { Key = RMSharedUNCPath, Value = \\BoundaryMachine\DropsLocation }. RM now understands you want to use this machine as your boundary machine.

3. Make sure you take care of these permissions

• RM Server should have write permissions on the \\BoundaryMachine\DropsLocation share.
• Pass down credentials of domain D1 to the target machine in the data centre (Domain D2), that can be used to access the share.

4. Credentials can be passed down fron the WPF console, you will have to define the following two config variables in the settings tab again.

• Key = RMSharedUNCPathUser ; Value = domain D1 user name
• Key = RMSharedUNCPathPwd ; Value = password for the user defined above.

PS - Variable names are case sensitive.

Also, to let RM know that you want to use the SharedUNC mechanism, check the corresponding checkbox for the RM server and connect to it via IP and not DNS name as these must be in different domains, i.e.

Answer 2

The Release Management is copying VisualStudioRemoteDeployer.exe to C:\Windows\DtlDownloads\VisualStudioRemoteDeployer folder on the target server then is copying the scripts from the specified location to target server using robocopy.

So you have to give permissions from your target server to your scripts location.

Answer 3

Try to use Get-Content on local-server then Set-Content on the remote server passing the file contents over;

Could package everything into an archive of some kind.

Answer 4

Release Management update 4 supports "Build drops stored on TFS servers"

http://blogs.msdn.com/b/visualstudioalm/archive/2014/11/11/what-s-new-in-release-management-for-vs-2013-update-4.aspx