Hi all,
i will deploy FIM 2010 R2 SP1 i want to know if i can install it on one server with the below.
1- Windows Server 2012 R2.
2- SQL 2012 SP1.
3- SharePoint Foundation 2013 with SP1.
also what is the hardware requirements for this setup.
Technology Tips and News
Hi all,
i will deploy FIM 2010 R2 SP1 i want to know if i can install it on one server with the below.
1- Windows Server 2012 R2.
2- SQL 2012 SP1.
3- SharePoint Foundation 2013 with SP1.
also what is the hardware requirements for this setup.
Hi tkhiry,
At first, please remember that Windows Server 2012 R2 is not supported. The latest OS supported platform is Windows Server 2012.
2 - would you store any other databases or only FIM databases?
3 - which parts of FIM would you like to install? FIMSync? FIMSync and FIMService/Portal? Any other FIM parts also?
Thanks Dominik,
1- I know it's not supported but i thought maybe there was an updated after the SP1 make it supported.
2- The SQL will be used only for FIM deployment.
3- i want to be able to do the following.
- Account management: unlock, enable/disable, delete
- Group membership: add/remove user to group,
- Schedule for add/remove user to/from groups.
- Schedule for enable/disable user.
- Link AD account with Oracle system accounts.
- Reset/unlock the password either by secret Questions/Answers or alternate Email address.
so what exactly the roles i have to install.
4- is it okay to host SQL, SharePoint foundation and FIM on the same server?
5- also if i will use Windows 2012, can i use SQL 2012 SP1 and SharePoint Foundation 2013 with SP1?
Hi Teka,
I'll start from the last point:
5 - yes, both of them are supported on 2012 (Service Pack is still a part of "main" release) - https://technet.microsoft.com/en-us/library/jj863246(v=ws.10).aspx
4 - yes, it is okay for small environments (https://technet.microsoft.com/en-us/library/ff400273(v=ws.10).aspx)
3 - FIM Sync, FIM Service, FIM Portal and FIM Self-Service registation and reset portals.
1 - It is rather expected that FIM's successor (MIM) would support R2, so FIM 2010 R2 probably would not support it in any build.
All of those are okay, but to specify requirements, there is a last question: how many objects would you have there managed by FIM Sync and/or FIM Service?
https://technet.microsoft.com/en-us/library/ff400279(v=ws.10).aspx
250 users only? Wow, that's small environment indeed :)
It looks that 8-12 GB of RAM would be suitable here as well as 2 processors.
Thanks Dominik,
i would like to know if there is any documentation for the configuration and workflows creation after the FIM deployment.
Just install database and full-text search and Management Tools (if you want, you don't have to install them).
SharePoint needs only Database Engine Services (not even its children features) so you'll have them for FIM anyway :)
Hi Dominik,
one last question, is there any order for installing the services or it's okay to install the FIM service and portal first then the FIMSync service?
Thanks
If you install FIMService first, you'll get additional screen that FIMSync was not found on the server, so it is better to install FIM Sync as first just to make sure FIM Sync is in good condition.
So install them in the following order:
1. SQL
2. FIM Sync or SharePoint 2013
3. FIM Sync or SharePoint 2013
4. FIM Service and Portal(s)
Remember that it is a good practice to export FIMSync database key and back up clean database before patching or configuring FIM (it gives you possibility to start from scratch without reinstalling
Thanks Dominik,
sorry i have one more question, regarding the FIM groups, is it better to keep it as local groups or pre create them as domain global groups.
Hi thikry,
Domain groups as easier to manage (via AD console) and, if you would ever move FIMSync to another host in the same domain, you would be sure that every user already in groups still have access to FIM console.
If you would use local groups on computer, if you would move FIM Sync to another server, you would need additional steps (create local groups, re-run installation to fix their SID) to get access to FIM Sync Management Console.
Those are main differences I see.
Agree with Dominik.
If you have an AD, you should never (unless you have some really special needs) use local groups or users
i guess you create domain users and not local for serviceaccounts.
Hi,
Regarding SSL certificate - which part of FIM are you installing? In FIMService I commonly use self-signed, but for FIM Portal and other FIM Portals as SSPR the better is certificate trusted in local active directory.
Considering that your local domain is different than external domain my question is - would you like to allow external people to reset their password? If so, install reset page on external address and both - portal and registration pages on internal addresses.
If you plan to allow access to FIM Portal from external sources, it is a good idea to publish it as well with external address.
Or you can publish them on two bindings in IIS :)