Microsoft Identity Manager 2016 - SharePoint Foundation 2013 SP1 - Farm for High Availability and Load Balancing along with NLB

  • Question

  • Hi,

    I have been working for one of our customers (employee base of around 5000) on implementing MIM 2016, and below is the high-level deployment architecture and status of completion. We are also targeting to have the MIM portal, MIM Password Registration portal, and MIM Password Reset portal on High Availability.

    1. Server 1 = MIM Sync Service - Completed

    2. Server 2 = MIM Service - Completed

    3. Server 3 = Cluster enabled MS SQL DB for both (MIM Sync Service + MIM Service) - Completed

    4. Server 4 + Server 5 = SharePoint Foundation 2013 SP1 Farm + MIM Portal. Each of these servers would be sitting in an NLB array (I have to admit I do not know much about NLB) for load balancing - Installation of SharePoint Foundation 2013 SP1 Farm along with MIM Portal is Completed on Server 4

    Now the confusion is on Server 5. Among the options below, I am not sure which one is the right option:

    Option 1. Install just the SharePoint Foundation 2013 SP1 with the option selected to "Connect to an existing server farm" and point to the Farm on Server 4

    Option 2. Or do we need to install SharePoint 2013 SP1 with the option selected to "Connect to an existing server farm" and point to the Farm on Server 4 + the MIM Portal

    -----------------------------------------------------------------------------------------------------------------

    In one of the online articles the procedure that was mentioned was similar to Option 1. But there were no other details related to actual steps that need to be followed.

    Could someone please help me out with the procedure/steps for achieving HA for the MIM Portal and MIM Password Portals? Or are there any online references that I can follow?

    Thanks,

    Chandan


    • Edited by Chandan19 Friday, July 14, 2017 4:49 AM
    Friday, July 14, 2017 4:48 AM


All replies

  • Chandan-

    I usually don't use a farm for MIM. It creates some challenges with patching that don't really offset the extra work of configuring SharePoint twice in my opinion. You need to install MIM on both servers, though.

    I also would not recommend using the built-in NLB feature in Windows. It is difficult to configure/support and has no health monitoring capabilities. A hardware load balancer is going to provide a much better experience.


    Thanks,
    Brian

    Consulting | Blog | AD Book

    Sunday, July 16, 2017 6:25 PM
    Moderator
  • Thanks Brian, appreciate your reply. After going through your reply I did have a discussion internally with our HA experts and they also suggested to go with Hardware LB. Customer already has F5 so we probably will go with it.

    Secondly, we decided not to have the MIM Admin Portal on HA, LB as we didn't have any major requirement for having the MIM Admin portal on LB. We already have SharePoint Farm + MIM Admin Portal on Server4; do you foresee a need for uninstalling the SharePoint Farm and reinstalling SharePoint on Standalone and then installing the MIM portal, or is it OK if we still run SharePoint on Farm just for the MIM Admin Portal... I mean now that we do not have LB on the MIM Admin Portal?

    MIM Password Registration + MIM Password Reset Portals for HA, LB

    For HA, LB we thought of having the Password Registration + Password Reset portals both on one server (Server5); additionally we will get another instance set up for the Password Registration + Password Reset portals on a new server (Server6). Have separate sites created on F5 for Server5 and Server6, both having MIM Password Registration + MIM Password Reset Portals. Do you feel this solution looks good for an employee base of 5000 with a LB requirement? Can you please give your opinion?


    Regards, Chandan

    Monday, July 17, 2017 8:59 AM
  • Chandan-

    I'm not sure how much workflow you're doing or how many end user requests you're expecting to the portal, but at that scale, a separate admin tier of the MIM Service sounds overkill.

    Having the SSPR portals on two servers will be sufficient at your scale.


    Thanks,
    Brian

    Consulting | Blog | AD Book

    Monday, July 17, 2017 5:04 PM
    Moderator
  • Thanks Brian,

    We do have a requirement for MIM Admin Portal, where the HR team would create Users using Portal and then it would be synced/provisioned to AD and O365. But as of now the number of users created through MIM portal would be very less. But going ahead customer wants to use MIM portal as the source of truth for user/group creation/update. For now most of the Users would be provisioned based on HR application.

    Also, going ahead customer wants to explore other capabilities of MIM such as request/approval, end user self services(DL, Security Group, Editing user details...), hence we thought it would be good to have a separate server for MIM Service and separate server for MIM Portal. Just keeping it future ready.

    Do you think we need to uninstall the SharePoint farm and reinstall SharePoint standalone for the MIM Portal?



    Regards, Chandan

    Tuesday, July 18, 2017 2:27 AM
  • I think you're significantly overbuilding this, especially at your customer's scale.

    I don't think it's going to be supportable or easily manageable to have some portal servers in a farm and some in standalone so I'd pick one and do the same for all of them.


    Thanks,
    Brian

    Consulting | Blog | AD Book

    • Marked as answer by Chandan19 Tuesday, July 18, 2017 4:02 PM
    Tuesday, July 18, 2017 2:05 PM
    Moderator
  • Thanks Brian,

    One last query: I had read in one of the online articles that for the MIM Password Registration and Reset portals we do not need SharePoint as they rely only on IIS. Does this mean we need not install SharePoint 2013 for the MIM Password Portals?


    Regards, Chandan

    Tuesday, July 18, 2017 3:59 PM
  • That's correct

    Thanks,
    Brian

    Consulting | Blog | AD Book

    • Marked as answer by Chandan19 Tuesday, July 18, 2017 4:02 PM
    Tuesday, July 18, 2017 3:59 PM
    Moderator
  • Thanks a lot Brian.

    Regards, Chandan

    Tuesday, July 18, 2017 4:01 PM
  • Hi Brian,

    I did install the MIM Password Registration portals on a separate Windows server, but when I try to access the Registration or Reset portal I see the message "This page can’t be displayed". I did try to uninstall and reinstall the MIM SSPR portals but still no luck. Took a restart of the server as well. Any idea why I am getting this error?

    But it does work if I enter the hostname of the server. Should I create a DNS entry for the hostname? I have chosen the host name as pwdreg.abc-company.com


    Regards, Chandan


    • Edited by Chandan19 Tuesday, July 18, 2017 6:51 PM
    Tuesday, July 18, 2017 5:12 PM