none
Design advice self service password reset

    Question

  • Hi,

    I'm looking at a fim design for around 10,000 users with the following:

    1 x sql server for fim portal DB
    1 x fim server for fim service + fim portal
    1 x fim sync server with sync service + sync DB

    I need to incorporate FIM password registration and reset in as well. I'm unsure of whether to add the password reset and registration portal on the same server as the fim service and portal.

    My understanding is that the main reason to separate the SSPR from the fim service and portal is due to external access for external users (i.e. security). However what I'm not sure about if external users are not relevant and if I'm to put SSPR and fim portal on the same server, then how should the IIS sites and app pools be configured? Will 3 separate IPs, IIS sites and app pools be required?

    Thanks

    Friday, December 27, 2013 6:21 PM

Answers

  • OK - looking at your current setup you are not looking at fail-over, load balancing side of design. With this in mind - yes, you can put SSPR apps on the same box as FIM portal. Setup will create appropriate web sites and app pools for you. 

    you can host it all on single IP and use host headers - if you will look for putting SSL for protection of traffic just remember to use cert with subject alternative names of wildcard if you want to keep it all on single Up with host headers. 


    Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

    • Proposed as answer by Borys Majewski Monday, December 30, 2013 11:00 PM
    • Marked as answer by EuroTechie2013 Wednesday, January 01, 2014 7:11 PM
    Friday, December 27, 2013 8:36 PM