Export (0) Print
Expand All

Security Planning for Service Provider Foundation

Updated: November 1, 2013

Applies To: System Center 2012 R2 Orchestrator, System Center 2012 SP1 - Orchestrator

This topic provides an overview of Service Provider Foundation security features and describes the security considerations for your deployment. You should create any required accounts and groups and determine if you have any additional security requirements before you start your Service Provider Foundation installation.

Security features

Service Provider Foundation provides a tightly coordinated implementation of Windows and Internet Information Services (IIS) security features. Note that credentials in a domain in the Active Directory must be used.

Service Provider Foundation relies on IIS to authenticate users. Starting with System Center 2012 R2, Service Provider Foundation accepts only the Secure Sockets Layer (SSL) requests protocol from its provider endpoints using the default port of 8090. Only HTTPS requests are accepted. Typically, the request should have the security context of the user who is logged on to the make the request.

When the setup wizard installs a web service, it creates a local security group on the computer that runs the web service. You can specify users or groups that have access to each web service. The wizard assigns those users or groups to a local security group. Service Provider Foundation checks that the user who sends the request belongs to the appropriate local security group.

In addition the wizard creates application domains pools in Internet Information Services (IIS) for each web service. You can specify the Network Service account or an account that also belongs to the security group.

The wizard creates the following security groups application pools as shown on the following table.

 

Security Group Name Application Pool Name

SPF_Admin

Admin

SPF_Provider

Provider

SPF_VMM

VMM

SPF_Usage

Usage

After you install Service Provider Foundation, you must verify that the credentials for System Center 2012 – Virtual Machine Manager and the other service providers are configured correctly, as described in Manage Web Services and Connections in Service Provider Foundation.

See Also

-----
For additional resources, see Information and Support for System Center 2012.

Tip: Use this query to find online documentation in the TechNet Library for System Center 2012. For instructions and examples, see Search the System Center 2012 Documentation Library.
-----
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft