Test Lab Guide: Installing Forefront Identity Manager 2010 R2

Forefront Identity Manager 2010 R2

In This Guide

This guide contains instructions for setting up a test lab based on the Forefront Identity Manager 2010 R2 Test Lab Guide and deploying Forefront Identity Manager 2010 using one new server computer, two preexisting server computers, and one preexisting client computer. The resulting Forefront Identity Manager 2010 R2 test lab demonstrates and verifies installation. Future test lab guides will demonstrate the powerful functionalities of FIM 2010.

A full copy of this document is available for offline viewing here.

Important

The following instructions are for configuring a Forefront Identity Manager 2010 R2 test lab using a scaled-out deployment. That is, the FIM Portal and the FIM database will not be residing on the same server. Individual computers are needed to separate the services provided on the network and to clearly show the desired functionality. This configuration is neither designed to reflect best practices nor does it reflect a desired or recommended configuration for a production network. The configuration, including IP addresses and all other configuration parameters, is designed only to work on a separate test lab network. Attempting to adapt this Forefront Identity Manager 2010 R2 test lab configuration to a pilot or production deployment can result in configuration or functionality issues. To ensure proper configuration and operation for your pilot or production Forefront Identity Manager 2010 R2 deployment, use the information in Planning and Architecture (https://go.microsoft.com/fwlink/?LinkId=204576) for planning and design decisions and Deployment (https://go.microsoft.com/fwlink/?LinkId=204575) for the steps to properly configure the Forefront Identity Manager 2010 and supporting infrastructure servers.

Test Lab Overview

In this test lab, Forefront Identity Manager 2010 R2 is deployed with:

  • One computer running the FIM Synchronization Service and FIM Portal named FIM1. FIM1 uses the Windows Server® 2008 R2 Enterprise Edition operating system.

  • One computer running the FIM Password Reset Portal named FIM2. FIM2 uses the Windows Server® 2008 R2 Enterprise Edition operating system.

  • One preexisting server running SQL Server® 2008 R2 Enterprise and System Center Service Manager 2010 SP1, named APP1.

  • One preexisting server running SQL Server® 2008 R2 Enterprise, named APP2.

  • One preexisting server running SQL Server® 2008 R2 Enterprise, named APP3.

  • One preexisting server running Microsoft Exchange Server 2010 with Service Pack 1, named EX1.

The Forefront Identity Manager test lab uses the following subnet:

  • The intranet established by the Base Configuration Test Lab Guide, referred to as the Corpnet subnet (10.0.0.0/24).

Computers on each subnet connect using a hub or switch. See the following figure.

Figure: FIM 2010 R2 Test Lab Guide Architecture

This test lab will guide you through the Forefront Identity Manager 2010 R2 installation process. The purpose of this test lab is to allow for the creation of a basic test lab environment that consists of Forefront Identity Manager 2010 R2. This test lab guide can be used as a building block for additional test lab guides that demonstrate increased functionality or additional features of Forefront Identity Manager 2010 R2.

Hardware and Software Requirements

The following are required components of the test lab:

  • The product disc or files for Windows Server 2008 R2 Enterprise Edition.

  • The product disc or files for Exchange Server 2010 with Service Pack 1.

  • The product disc or files for SQL Server 2008 R2 Enterprise.

  • The product disc or files for SharePoint Foundation 2010.

  • The product disc or files for Forefront Identity Manager 2010 R2.

  • The product disc or files for System Center Service Manager 2010 SP1.

  • The files for Microsoft SQL Server 2008 Feature Pack, April 2009 - Microsoft SQL Server 2008 Native Client.

The following table provides a summary of the Microsoft software that is used in this guide.

| Software | Additional information |
| --- | --- |
| Microsoft Exchange Server 2010 with Service Pack 1 – 64-bit | Microsoft Exchange Server 2010 with Service Pack 1 (https://go.microsoft.com/fwlink/?LinkId=202857). |
| Microsoft SQL Server 2008 R2 Enterprise – 64-bit | Microsoft SQL Server 2008 Enterprise (https://go.microsoft.com/fwlink/?LinkId=207697). |
| Microsoft SharePoint Foundation 2010 | Microsoft SharePoint Foundation 2010 (https://www.microsoft.com/download/en/details.aspx?displaylang=en&id=5970). |
| Forefront Identity Manager 2010 R2 | Forefront Identity Manager 2010 (https://go.microsoft.com/fwlink/?LinkId=204577). |
| System Center Service Manager SP1 | System Center Service Manager SP1 (https://www.microsoft.com/systemcenter/en/us/service-manager/sm-try-it.aspx). |
| SCSM2010SP1_CU_KB2542118_AMD64_7.0.6555.115_EN.exe | This cumulative update 2 is a rollup of fixes for System Center Service Manager 2010 SP1 (https://www.microsoft.com/download/en/details.aspx?displaylang=en&id=12342) – KB2542118. |
| SCSM2010SP1_OD_KB2561430_AMD64_7.0.6555.116.exe | This is a hotfix for SCSM SP1 with Cumulative Update 2 (https://www.microsoft.com/download/en/details.aspx?id=26631) – KB2561430. |
| Microsoft SQL Server 2008 Feature Pack, April 2009 - Microsoft SQL Server 2008 Native Client | Microsoft SQL Server 2008 Native Client (SQL Server Native Client) (https://go.microsoft.com/fwlink/?LinkId=204702) is a single dynamic-link library (DLL) containing both the SQL OLE DB provider and SQL ODBC driver. It contains run-time support for applications using native-code APIs (ODBC, OLE DB, and ADO) to connect to Microsoft SQL Server 2000, 2005, or 2008. SQL Server Native Client should be used to create new applications or enhance existing applications that need to take advantage of new SQL Server 2008 features. This redistributable installer for SQL Server Native Client installs the client components needed during run time to take advantage of new SQL Server 2008 features, and optionally installs the header files needed to develop an application that uses the SQL Server Native Client API. |

Steps for Configuring the Forefront Identity Manager 2010 R2 Test Lab

There are nine steps to follow when setting up the Forefront Identity Manager 2010 R2 test lab based on the Forefront Identity Manager 2010 R2 Test Lab Guide.

Test Lab Guide Specific Information and Instructions

The following section is a list of additional information on configuring the test lab. It also includes items that may be omitted from the test lab guides that this test lab builds upon. This is to allow for quicker deployment.

The following is a list of general information and instructions.

  • Internet Explorer 9 was installed and used on all servers.

  • Ensure that APP2 and APP3 can communicate with each other. The steps below indicate how to open the firewall ports on APP2 and APP3. Also ensure that Named Pipes is enabled on both APP2 and APP3. If you are still experiencing communication issues, try disabling the Windows firewall on APP2 and APP3 to see if that resolves them.

  • If you are new to SCSM, make sure that the MPSync has completed successfully with the data warehouse and that the management packs have been successfully associated. Several management packs depend on others, so if one does not synchronize successfully it can have a domino effect.
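
The APP2/APP3 communication check described above can be narrowed to individual ports before falling back to disabling the firewall. The following PowerShell script is an added example, not part of the original guide; the port numbers are product defaults assumed here, because the guide does not list them. Run it on APP2 and then on APP3.

```powershell
# Added example: TCP reachability check between the lab servers.
# APP2/APP3 come from the guide; the port list is an assumption (product defaults).
$targets = @('APP2', 'APP3')
$ports = @(
    @{ Port = 1433; Use = 'SQL Server Database Engine, default instance' },
    @{ Port = 2383; Use = 'SQL Server Analysis Services, default instance' },
    @{ Port = 445;  Use = 'SMB, which carries Named Pipes connections' },
    @{ Port = 80;   Use = 'Reporting Services, native mode default URL' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a silently dropped packet cannot hang the check.
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'No reply (likely dropped by a firewall, or host down)'
        }
        $client.EndConnect($pending)   # throws if the connection was refused
        return 'Open'
    }
    catch {
        return 'Refused or name not resolved (no listener, or DNS problem)'
    }
    finally {
        $client.Close()
    }
}

$results = foreach ($target in $targets) {
    # Skip the server the script is running on; test only the remote peer.
    if ($target -eq $env:COMPUTERNAME) { continue }
    foreach ($p in $ports) {
        New-Object PSObject -Property @{
            Target = $target
            Port   = $p.Port
            Use    = $p.Use
            Result = Test-TcpPort -ComputerName $target -Port $p.Port
        }
    }
}
$results | Format-Table Target, Port, Result, Use -AutoSize
```

A "No reply" result on a single port points at a missing inbound rule for that port, while "Refused" means the packet arrived but no service is listening, so the firewall is not the cause.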

The following is a list of test lab guide specific information and instructions.

  • The Base Configuration TLG—EDGE1 and INET1 are not required. The steps requiring setup and configuration may be excluded from the setup of the base configuration.

  • The Exchange Server 2010 with Service Pack 1 TLG—EX1 is not required, but a valid mail attribute is required for the FIMService account. A workaround is to populate the mail attribute using ADSIEDIT. Note that future test lab guides that demonstrate workflow and notification will probably use an Exchange server.

  • The SQL Server 2008 R2 Enterprise TLG—Use the following information for this test lab guide.

    • When installing SQL 2008 R2, follow the TLG for APP1. In addition to APP1, create two additional servers, APP2 and APP3. Install the OS, configure networking with the IP address from the diagram above, and join them to the domain. On APP2 and APP3, install SQL Server 2008 R2 Enterprise with the following additional features:

      • Database Engine Services

      • Full-Text Search

      • Analysis Services

      • Reporting Services

      • Business Intelligence Development Studio

      • Integration Services

      • Management Tools - Basic

      • Management Tools - Complete

      Figure: SQL Feature Selection

    • In Step 2, Create the Service Accounts, create two additional accounts so that there is a total of 4 SQL Service accounts. These two additional accounts are for Reporting Services and Analysis Services.

      Table 1 – Service Accounts

      | Full name | User logon name | Forest | Password |
      | --- | --- | --- | --- |
      | SQL Server Agent | SQLAgent | corp.contoso.com | Pass1word$ |
      | SQL Server Database Engine | SQLDatabase | corp.contoso.com | Pass1word$ |
      | SQL Reporting Service Account | SQLReport | corp.contoso.com | Pass1word$ |
      | SQL Analysis Service Account | SQLAnalysis | corp.contoso.com | Pass1word$ |

      Figure: SQL Server Accounts

    • During Step 3, some additional setup screens will be added to the SQL Server 2008 R2 Setup. On the Analysis Services Configuration screen, select Add Current User and click Next. On the Reporting Services Configuration screen, keep the default of Install the native mode default configuration and click Next.

      Figure: SQL Analysis

      Figure: SQL Reporting

  • The System Center Service Manager SP1 TLG - Use the following information for this test lab guide.

    • The SCSM SP1 TLG uses the User1 account to install the SC Management Server and the data warehouse. For purposes of this guide, use the CORP\Administrator account to install the SC Management Server and the data warehouse.

    • Modify the System Center Service Manager with Service Pack 1 test lab guide to use two brand new servers, APP2 and APP3. We will reserve APP1 for the FIM databases. APP2 will hold the SC Management Server and Management Server database. APP3 will be the data warehouse.

    • Prior to installing the SCSM SP1 Management Server and the data warehouse, install Windows PowerShell on APP2 and APP3. This is required to run the Data Warehouse Registration Wizard. This can be done by adding Features in Server Manager.

    • Use the steps outlined in the following article to ensure reporting is set up and functioning correctly: Registering with the Service Manager 2010 SP1 Data Warehouse to Enable Reporting. The final step of this process involves allowing the management packs to synchronize with the data warehouse. This step can take a while to complete.

This guide provides steps for configuring the computers of the Forefront Identity Manager 2010 R2 test lab. The following sections provide details about how to perform these tasks.