none
FIM 2010 R2 SP1 Software Requirements RRS feed

  • Question

  • Hi all,

    i will deploy FIM 2010 R2 SP1 i want to know if i can install it on one server with the below.

    1- Windows Server 2012 R2.

    2- SQL 2012 SP1.

    3- SharePoint Foundation 2013 with SP1.

    also what is the hardware requirements for this setup.

    Thanks


    Teka

    Monday, January 26, 2015 8:08 PM

Answers

  • If you found my answers helpful, please mark them as answer(s) and vote for them. Thanks.

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    • Marked as answer by tkhiry Wednesday, January 28, 2015 8:53 AM
    Tuesday, January 27, 2015 1:53 PM
  • If you install FIMService first, you'll get additional screen that FIMSync was not found on the server, so it is better to install FIM Sync as first just to make sure FIM Sync is in good condition.

    So install them in the following order:

    1. SQL

    2. FIM Sync or SharePoint 2013

    3. FIM Sync or SharePoint 2013

    4. FIM Service and Portal(s)

    Remember that it is a good practice to export FIMSync database key and back up clean database before patching or configuring FIM (it gives you possibility to start from scratch without reinstalling FIM).


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.


    • Edited by Dominik Trojnar Wednesday, January 28, 2015 9:16 PM
    • Marked as answer by tkhiry Thursday, January 29, 2015 11:50 AM
    Wednesday, January 28, 2015 9:14 PM
  • Hi,

    Regarding SSL certificate - which part of FIM are you installing? In FIMService I commonly use self-signed, but for FIM Portal and other FIM Portals as SSPR the better is certificate trusted in local active directory.

    Considering that your local domain is different than external domain my question is - would you like to allow external people to reset their password? If so, install reset page on external address and both - portal and registration pages on internal addresses. 

    If you plan to allow access to FIM Portal from external sources, it is a good idea to publish it as well with external address.

    Or you can publish them on two bindings in IIS :)


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    • Marked as answer by tkhiry Tuesday, February 3, 2015 9:31 AM
    Tuesday, February 3, 2015 7:52 AM

All replies

  • Hi tkhiry,

    At first, please remember that Windows Server 2012 R2 is not supported. The latest OS supported platform is Windows Server 2012.

    2 - would you store any other databases or only FIM databases?

    3 - which parts of FIM would you like to install? FIMSync? FIMSync and FIMService/Portal? Any other FIM parts also?


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Monday, January 26, 2015 8:22 PM
  • Thanks Dominik,

    1- I know it's not supported but i thought maybe there was an updated after the SP1 make it supported.

    2- The SQL will be used only for FIM deployment.

    3- i want to be able to do the following.

           - Account management: unlock, enable/disable, delete
           - Group membership: add/remove user to group,
           - Schedule for add/remove user to/from groups.
           - Schedule for enable/disable user.
           - Link AD account with Oracle system accounts.
           - Reset/unlock the password either by secret Questions/Answers or alternate Email address.

    so what exactly the roles i have to install.

    4- is it okay to host SQL, SharePoint foundation and FIM on the same server?

    5- also if i will use Windows 2012, can i use SQL 2012 SP1 and SharePoint Foundation 2013 with SP1?

     


    Teka

    Monday, January 26, 2015 8:36 PM
  • Hi Teka,

    I'll start from the last point:

    5 - yes, both of them are supported on 2012 (Service Pack is still a part of "main" release) - https://technet.microsoft.com/en-us/library/jj863246(v=ws.10).aspx

    4 - yes, it is okay for small environments (https://technet.microsoft.com/en-us/library/ff400273(v=ws.10).aspx)

    3 - FIM Sync, FIM Service, FIM Portal and FIM Self-Service registation and reset portals.

    1 - It is rather expected that FIM's successor (MIM) would support R2, so FIM 2010 R2 probably would not support it in any build.

    All of those are okay, but to specify requirements, there is a last question: how many objects would you have there managed by FIM Sync and/or FIM Service?

    https://technet.microsoft.com/en-us/library/ff400279(v=ws.10).aspx


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    • Proposed as answer by MKołódź Tuesday, January 27, 2015 10:58 AM
    Monday, January 26, 2015 8:54 PM
  • Thanks Dominik for the prompt reply, regarding the objects we have 250 users and around 25 groups, regarding the workflows i don't know how many is required for the above requirements, also is there any documents describe how we can configure the above requirements, and finally how i can deploy FIM with DR topology.

    Teka

    • Proposed as answer by _rb Friday, July 1, 2016 5:13 AM
    • Unproposed as answer by _rb Friday, July 1, 2016 5:13 AM
    Monday, January 26, 2015 9:38 PM
  • 250 users only? Wow, that's small environment indeed :)

    It looks that 8-12 GB of RAM would be suitable here as well as 2 processors.


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    • Proposed as answer by MKołódź Tuesday, January 27, 2015 10:58 AM
    Tuesday, January 27, 2015 9:01 AM
  • Thanks Dominik,

    i would like to know if there is any documentation for the configuration and workflows creation after the FIM deployment.


    Teka

    Tuesday, January 27, 2015 9:46 AM
  • also what is the SQL configuration required for FIM as im installing the SQL for FIM only.

    Teka

    Tuesday, January 27, 2015 9:54 AM
  • Just install database and full-text search and Management Tools (if you want, you don't have to install them).

    SharePoint needs only Database Engine Services (not even its children features) so you'll have them for FIM anyway :)


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    • Proposed as answer by MKołódź Tuesday, January 27, 2015 10:58 AM
    Tuesday, January 27, 2015 10:57 AM
  • Thanks Dominik for the valuable information you provided here.

    Teka

    Tuesday, January 27, 2015 1:21 PM
  • If you found my answers helpful, please mark them as answer(s) and vote for them. Thanks.

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    • Marked as answer by tkhiry Wednesday, January 28, 2015 8:53 AM
    Tuesday, January 27, 2015 1:53 PM
  • Hi Dominik,

    one last question, is there any order for installing the services or it's okay to install the FIM service and portal first then the FIMSync service?

    Thanks


    Teka

    Wednesday, January 28, 2015 8:55 AM
  • If you install FIMService first, you'll get additional screen that FIMSync was not found on the server, so it is better to install FIM Sync as first just to make sure FIM Sync is in good condition.

    So install them in the following order:

    1. SQL

    2. FIM Sync or SharePoint 2013

    3. FIM Sync or SharePoint 2013

    4. FIM Service and Portal(s)

    Remember that it is a good practice to export FIMSync database key and back up clean database before patching or configuring FIM (it gives you possibility to start from scratch without reinstalling FIM).


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.


    • Edited by Dominik Trojnar Wednesday, January 28, 2015 9:16 PM
    • Marked as answer by tkhiry Thursday, January 29, 2015 11:50 AM
    Wednesday, January 28, 2015 9:14 PM
  • Thanks Dominik,

    sorry i have one more question, regarding the FIM groups, is it better to keep it as local groups or pre create them as domain global groups.


    Teka

    Thursday, January 29, 2015 11:26 AM
  • I would create them as AD groups.
    Thursday, January 29, 2015 8:04 PM
  • Thanks for the reply, but why is it recommended to be domain groups and what is the difference.

    Teka

    Friday, January 30, 2015 10:53 AM
  • Hi thikry,

    Domain groups as easier to manage (via AD console) and, if you would ever move FIMSync to another host in the same domain, you would be sure that every user already in groups still have access to FIM console.

    If you would use local groups on computer, if you would move FIM Sync to another server, you would need additional steps (create local groups, re-run installation to fix their SID) to get access to FIM Sync Management Console.

    Those are main differences I see.


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Saturday, January 31, 2015 8:17 AM
  • Agree with Dominik.

    If you have an AD, you should never (unless you have some really special needs) use local groups or users
    i guess you create domain users and not local for serviceaccounts.

    Sunday, February 1, 2015 3:24 PM
  • Thank you all for your valuable information here, regarding the certificate can i use the self signed certificate or i need to use the SSL certificate from internal CA?

    Teka

    Sunday, February 1, 2015 6:17 PM
  • also my internal domain is different than the external domain, which domain should i use internal or external and where.

    Teka

    Monday, February 2, 2015 9:33 PM
  • Hi,

    Regarding SSL certificate - which part of FIM are you installing? In FIMService I commonly use self-signed, but for FIM Portal and other FIM Portals as SSPR the better is certificate trusted in local active directory.

    Considering that your local domain is different than external domain my question is - would you like to allow external people to reset their password? If so, install reset page on external address and both - portal and registration pages on internal addresses. 

    If you plan to allow access to FIM Portal from external sources, it is a good idea to publish it as well with external address.

    Or you can publish them on two bindings in IIS :)


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    • Marked as answer by tkhiry Tuesday, February 3, 2015 9:31 AM
    Tuesday, February 3, 2015 7:52 AM
  • Thanks Dominik for your usual support and the valuable information you always provide, one more question regarding the Oracle integration and SSO for Oracle, what is the supported version for Oracle and is there any documentation for this integration.

    Teka

    Tuesday, February 17, 2015 5:30 AM