I have a few questions regarding the installation of FIM 2010 R2. Let me also share my infrastructure details with you.
We have the following:
Separate instances for the FIM Service, FIM Synchronization Service and FIM Portal servers. All FIM components will have their own servers. As per the installation guide from MS, I have asked my AD guy to create the service accounts for FIM Service, Sync Service, Portal and WSS 3.0. I have also asked him to create the FIM MA account.
1. Below are the steps from the installation guide. I am not sure where I need to run this. On the FIM Sync Server?
To enable the FIM MA to log on locally:
Click Start, and then click Administrative Tools.
Click Local Security Policy, and then click Local Policies\User Rights Assignment.
In the policy Allow log on locally, ensure that the FIM MA account is explicitly specified, or add it to one of the groups that is already granted access.
2. I am planning to install the FIM portal, password registration portal and reset portal on a single server. Is it OK? Let us assume it is OK; I have installed WSS 3.0 on this server. Now when I reach the steps below, I have some confusion:
To run the SharePoint Application Pool using an account that is located in the domain using WSS 3.0:
Start SharePoint 3.0 Central Administration from
Select Operations and Service Accounts.
Select Web Application Pool, and select Windows SharePoint Services Web Application. Select the SharePoint Application Pool where the FIM Portal will be installed, which by default is SharePoint – 80.
Enter the user name and password for the service account that you created earlier.
Click OK to save your changes.
Since I am installing WSS on the same server which will be used as the FIM Portal server, I am wondering which service account should be used in the step above: the SA for the FIM Portal or the one for WSS 3.0?
3. Can I configure this without SSL, at least to see if it works?
4. When registering the SPN, it says that it is recommended to use an alias. Agreed. Later, the installation guide also says this:
"The <alias> above is the address that is entered during FIM Service setup and used by the clients and the FIM Portal to contact the Web Service. This can be an alias (CNAME) or host (A) resource record in DNS. If you are using Network Load Balancing (NLB), this is the name of the cluster."
I checked the screenshots in the installation guide; I don't see any step in the wizard which asks for this alias.
Can anybody help with these? Also please share any best practices or any detailed step-by-step guide which can help me with this installation.
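As an added illustration (not part of the original thread or Microsoft's guide), the script below checks two of the points raised in questions 1 and 4 from an elevated PowerShell prompt: whether the FIM MA account is explicitly listed under "Allow log on locally" (the SeInteractiveLogonRight privilege) on the server it is run on, and which SPNs are registered for the FIM Service alias and service account. The account names and the alias are placeholders; the FIMService/<alias> SPN class follows the installation guide's setspn step, and the script assumes the machine is domain-joined so the account can be resolved to a SID.

```powershell
# Added example; account names and alias below are placeholders, not values from the thread.
param(
    [string]$FimMaAccount      = 'CONTOSO\svc-fimma',        # FIM MA account (placeholder)
    [string]$FimServiceAccount = 'CONTOSO\svc-fimservice',   # FIM Service account (placeholder)
    [string]$FimServiceAlias   = 'fim.contoso.com'           # CNAME/A alias used at FIM Service setup (placeholder)
)

# 1. secedit lists user rights by SID, so resolve the account first.
$sid = (New-Object System.Security.Principal.NTAccount($FimMaAccount)).
    Translate([System.Security.Principal.SecurityIdentifier]).Value

# 2. Export the local user-rights policy and read the "Allow log on locally" line.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$entry = Select-String -Path $cfg -Pattern '^SeInteractiveLogonRight' | Select-Object -First 1
Remove-Item $cfg -ErrorAction SilentlyContinue

if ($entry -and $entry.Line -match [regex]::Escape("*$sid")) {
    Write-Output "OK: $FimMaAccount is explicitly granted 'Allow log on locally' on $env:COMPUTERNAME"
} else {
    # The guide also allows membership in a group that already holds the right; this
    # check only detects an explicit entry, so treat the warning as "verify manually".
    Write-Warning "$FimMaAccount is not explicitly listed in 'Allow log on locally' on $env:COMPUTERNAME"
    if ($entry) { Write-Output "Current entry: $($entry.Line)" }
}

# 3. SPN sanity check: the alias SPN should exist exactly once and be attached to the
#    FIM Service account, since clients and the portal use the alias to reach the web service.
setspn -Q "FIMService/$FimServiceAlias"
setspn -L $FimServiceAccount
```

Run it on the server hosting the FIM Synchronization Service for the logon-right check; the setspn queries are domain-wide and work from any domain-joined machine with the RSAT tools installed. A duplicate SPN reported by `setspn -Q` is worth resolving before Kerberos troubleshooting starts, because it silently breaks authentication to the FIM Service.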
I highly recommend Kent Nordstrom's book, Microsoft Forefront Identity Manager 2010 R2 Handbook. http://www.amazon.com/Microsoft-Forefront-Identity-Handbook-ebook/dp/B0092LB1YM/ref=tmm_kin_title_0?_encoding=UTF8&sr=8-1&qid=1377027960
I found it invaluable in setting up my proof of concept environment.