RM 2015 Best Practices

RM 2015 Best Practices

1Perf tuning

2Security

3Configuration

4Operations

Below are the best practices that we recommend customers use for Release Management 2015

1Perf tuning

1. Release retention:
2. Don’t keep releases in the database forever. Delete releases that you no longer need – presumably after they become more than N days old. Please look at the related document on how this can be achieved with the WPF server.
3. For releases that are in-progress but not required, you should abandon them (see related document for how to do this with WPF server).
4. The default values for deployer knobs are set assuming that there will be < 30 deployers. The values of these knobs determine the load on the server. This needs to be changed if your # deployers is significantly more than 30.
5. In Release Templates, use Tags if possible, rather than parallel flows.
6. If possible, combine many actions in to one.
7. If possible, have fewer stages in the release template.
8. Approvals should not be kept hanging forever. If a release doesn’t need to be approved, it should be abandoned.

2Security

1. De-activate assets that are no longer required. For example, if a Release Template is not useful any more, then this RT should be de-activated. The same holds for servers, environments, release paths, etc. This will ensure that unintended releases are not started.
2. Email groups: The groups of accounts to which emails are sent should be relevant and small.
3. Always use encrypted variables for secrets.
4. The users in the system should be kept up to date: You should delete users who are no longer using the system.
5. Note: AD sync will take care of syncing AD users with RM users, but will not delete old users.
6. If you are using PROD in your RT, then ensure that only appropriate users have access to the PROD environment.

3Configuration

1. Do not install TFS on the same machine as RM Server
2. Do not share the RM DB machine with any other server.
3. Make sure the database and RM Server are co-located on the same network hub or router, so that the latency will be less.
4. Additionally, have as few firewalls as possible between the deployer and the server so that packet loss is minimized.
5. TFS Group and AD Group sync should happen at most once a day if the # accounts is large (more than 50). If the # accounts to sync is very large, then this should be even less frequent e.g. some customers who have ~300 users sync once every 48 hours.
6. Deployers should be provisioned using a domain user account (as opposed to local system account) so that the permissioning model is easier – whether accessing a UNC path or HTTP end point.
7. If there are too many SQL timeouts i.e. 500 errors, then the SQL timeout should be increased.
8. We recommend UNC paths over HTTP(S) as with HTTP(S), the build is routed to the deployerthrough the server.
9. Config as code: You should make config changes to prod through scripts that are checked into source control and flow through the build.

4Operations

1. If you are moving RM from one machine to another, then use this blog post:
2. Ensure that the update_stats job is running on a regular basis. See related document on how to ensure this.
3. Have CPU/Memory monitors running on the database and on the RM Server app pool, so that you know when there is a spike and can detect what is happening at that time. You can use a standard tool like perfmon for this.
4. Make sure that the RM / deployer installation folders as well as runtime folders are excluded from virus scanners on the machine.
5. Release Queueing: If you want to ensure that subsequent releases don’t interfere with the current one, then approve the subsequent release only after the current release has finished. Reason is that the agent could inter-leave tasks from different releases that are queued on it.
6. If you are observing that things are slow for the WPF RM server, then you can check whether the workflow layer in Release Management is overloaded, and you can clean up the runnable instances on your SQL Server using the technique in the attached document.