First published on TECHNET on Sep 18, 2017
Author:
Zack Campbell
, Service Engineer, Microsoft Skype for Business Online Services
I was recently engaged by the owner of multiple high-visibility and business-critical UCMA Trusted Applications, requesting my assistance to replace the Trusted App Computers associated to a large list of Endpoints. I didn't know the full backstory, but apparently their servers were VMs, hosted to Hyper-V hosts which they were under a hard deadline to vacate. Anyway, the initial request seemed simple enough, but as I dug in, I quickly realized that there was no direct relationship between their Trusted App Computers and their Endpoints.
I also realized (not so quickly) that there was not a one-to-one relationship between those objects. I knew I had the data I needed to figure out those relationships, but -- being the
smart
lazy SfB admin that I am -- I started by digging around the Internet for some background, only to come up empty.
Anyone who has worked much with UCMA Trusted Apps probably already understands this, but I was just then realizing that I had some quick scrambling to do to ensure I didn't cause an outage for their Trusted Apps… while implementing a change to prevent a different outage. That's never a good day.
You're really going to make me work at this, huh?
Up to this point, I had been able to slide by on most UCMA change work, without having a super clear understanding of the relationships between UCMA Trusted Apps and their respective Pool, Endpoint, and Computer objects.
This time, however, while the app owner was somewhat confident of the App Pools and Apps associated with his various Computers and Endpoints, he wasn't totally certain, nor was he sure which ones corresponded with which. Unfortunately, that's not good enough, when doing change work… so it fell to me to really figure this whole model out, so I could give the App owner solid consulting advice, make the right changes at the right times, and help him avoid any impact.
Getting all the pieces together
Not having found any help on the Internet, I got to work, picking through my company SfB deployment's various existing Trusted Apps, Computers, App Pools and Endpoints, looking closely at the object properties that tied them together. I made several interesting observations, which I was later able to stitch together into a fairly simple model:
-
Trusted
Apps
are directly related to a single Trusted App
Pool
.
-
The property that ties them together is the App
Pool
's
PoolFqdn
(corresponding to the Trusted
Apps
'
TrustedApplicationPoolFqdn
property).
-
The App
Pool
has a corresponding
Applications
multivalued property, populated by all the Trusted
Apps
associated with it (via their
ApplicationId
properties).
-
A Trusted App
Pool
doesn't have to have any Trus...
-
Trusted App
Endpoints
are directly related to a single Trusted
App
.
-
The property that ties them together is the Trusted
App
's
ApplicationId
(corresponding to the Trusted Apps
Endpoints
'
OwnerUrn
property).
-
A Trusted
App
doesn't have to have any Trusted A...
Ok, that's not so bad
These observations were helpful, but not the kind of thing that's easy to remember or use. More to the point, I prefer pictures, so I made one. Nice, huh? This is a lot easier…
Application
With this model in hand, it was a simple matter to build the list of all Trusted App Pools and respective Trusted App Computers associated with the Endpoints my customer provided, and it helped them as well, to see/understand how their objects related to each other.
My hope is that it'll be useful to other SfB admins, as well. Don't hesitate to provide comments and feedback. I'll be happy to update this, as needed.