Configure Secure Store Service for a BI test environment

 

Applies to: SharePoint Server 2010

Important

This article is part of the baseline setup for the Configuring a BI infrastructure: Hands-on labs series. To complete the steps in this article, you must first have completed Install and configure SharePoint Server 2010 for a BI test environment.

In this article we deploy Secure Store Service. Secure Store provides a means of storing encrypted credentials for use in accessing data sources. It is used by Excel Services, Visio Services, and PerformancePoint Services to provide data refresh for data-connected reports, dashboards, and web drawings.

In a production environment, correct deployment of Secure Store requires careful planning. For information about how to plan and deploy Secure Store in your production environment, see Plan the Secure Store Service (SharePoint Server 2010) and Configure the Secure Store Service (SharePoint Server 2010).

Video demonstration

This video shows how to deploy the Secure Store Service for use in these labs.


Running time: 5:05

Watch the video.

For an optimal viewing experience, download the video.

Right-click the link, and then click Save Target As to download a copy. Clicking the link opens a .wmv file in the default video viewer for full-resolution viewing.

Deploy the Secure Store Service

In this lab, we will deploy the Secure Store Service for use in the later labs in this series. This includes the following tasks:

  • Creating an Active Directory account to run the Secure Store Service application pool

  • Registering that account as a managed account in Microsoft SharePoint Server 2010

  • Starting Secure Store Service on an application server in the farm

  • Creating a Secure Store Service service application

  • Generating an encryption key

The first step is to create an Active Directory account for the Secure Store Service application pool. Use the following procedure to create the account.

To create an account for the application pool

  1. Log in to Contoso-DC by using the Contoso\administrator account.

  2. On the Contoso-DC virtual machine, click Start, click Administrative Tools, and then click Active Directory Users and Computers.

  3. Expand the contoso.local node.

  4. Right-click Users, click New, and then click User.

  5. In the Full name text box and the User logon name text box, type SecStrAcct.

  6. Click Next.

  7. In the Password and Confirm password text boxes, type a password for the account.

  8. Clear the User must change password at next logon check box.

  9. Select the Password never expires check box.

  10. Click Next.

  11. Click Finish.

  12. Log off Contoso-DC.

Before the account can be used to run a SharePoint Server 2010 application pool, it must be registered as a managed account. Use the following procedure to register the managed account.

To register a managed account

  1. Log in to Contoso-AppSrv by using the Contoso\FarmAdmin account.

  2. Click Start, click All Programs, click Microsoft SharePoint 2010 Products, and then click SharePoint 2010 Central Administration.

  3. On the Central Administration home page, in the left navigation, click Security.

  4. On the Security page, under General Security, click Configure managed accounts.

  5. On the Managed Accounts page, click Register Managed Account.

  6. In the User name text box, type Contoso\SecStrAcct.

  7. In the Password text box, type the password for the Contoso\SecStrAcct account.

  8. Click OK.

In order for Secure Store to work, you must start Secure Store Service on at least one application server in the farm.

Note

In a production environment we recommend that you run Secure Store Service in a separate application pool that is not used for any other service.

In the case of this lab, Contoso-AppSrv is the only application server in the farm, so we start the service on that server. Use the following procedure to start Secure Store Service.

To start Secure Store Service

  1. On the Central Administration home page, in the System Settings section, click Manage services on server.

  2. Above the Service list, click the Server drop-down list, and then click Change Server.

    Note that the application server, Contoso-AppSrv, is listed together with Contoso-SQL. In a farm with multiple application servers, you would use this dialog box to select the server where you want to run Secure Store Service, and then start the service as shown later in this procedure.

  3. Click CONTOSO-APPSRV.

  4. In the Service list, click Start next to Secure Store Service.

Once the service is running, the next step is to create a Secure Store Service service application. Use the following procedure to create the service application.

To create a Secure Store Service service application

  1. On the Central Administration home page, in the Application Management section, click Manage service applications.

  2. On the Manage Service Applications page, click New, and then click Secure Store Service.

  3. In the Service Application Name text box, type Secure Store Service.

  4. Leave the default database settings.

    Note

    In a production environment we recommend that you use a separate instance of SQL Server for the Secure Store database.

  5. Select the Create new application pool option and in the Application pool name text box, type SecureStoreAppPool.

  6. Under Select a security account for this application pool, select the Configurable option, and from the drop-down list, select Contoso\SecStrAcct.

  7. Click OK.

  8. When the Secure Store Service service application has been successfully created, click OK.

Before you can use Secure Store, you must first generate an encryption key. Use the following procedure to generate the key.

To generate a key

  1. On the Central Administration home page, in the Application Management section, click Manage service applications.

  2. Click the Secure Store Service service application link.

  3. On the Secure Store Service Application page, in the ribbon, click Generate New Key.

  4. Type and confirm a pass phrase for the key, and then click OK.
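The procedures performed on Contoso-AppSrv above (register the managed account, start the service, create the service application, generate the key) can also be scripted. The following is an added example, not part of the original article. It assumes it is run on Contoso-AppSrv as Contoso\FarmAdmin after the Contoso\SecStrAcct account has been created; the proxy name is chosen here for illustration.

```powershell
# Added example: scripted equivalent of the Central Administration steps above.
# Assumes: run on Contoso-AppSrv as Contoso\FarmAdmin; SecStrAcct already exists in AD.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Register Contoso\SecStrAcct as a managed account (prompts for its password).
$cred    = Get-Credential "Contoso\SecStrAcct"
$account = New-SPManagedAccount -Credential $cred

# Start Secure Store Service on the lab's only application server.
$instance = Get-SPServiceInstance -Server "Contoso-AppSrv" |
    Where-Object { $_.TypeName -eq "Secure Store Service" }
if ($instance.Status -ne "Online") {
    Start-SPServiceInstance -Identity $instance | Out-Null
}
# Provisioning is asynchronous; wait until the instance is online.
while ((Get-SPServiceInstance -Identity $instance.Id).Status -ne "Online") {
    Start-Sleep -Seconds 5
}

# Dedicated application pool that runs as the managed account.
$pool = New-SPServiceApplicationPool -Name "SecureStoreAppPool" -Account $account

# Service application with default database settings (no -DatabaseName or
# -DatabaseServer given) and auditing enabled.
$app = New-SPSecureStoreServiceApplication -Name "Secure Store Service" `
    -ApplicationPool $pool -AuditingEnabled

# Central Administration creates the proxy for you; in PowerShell it is explicit.
# "Secure Store Service Proxy" is a name chosen for this example.
$proxy = New-SPSecureStoreServiceApplicationProxy -Name "Secure Store Service Proxy" `
    -ServiceApplication $app -DefaultProxyGroup

# Read the pass phrase without echoing it or hard-coding it in the script.
# The cmdlet takes a plain string, so convert and free the unmanaged copy.
$secure = Read-Host "Pass phrase for the Secure Store key" -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$pass   = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

# Equivalent of Generate New Key in the ribbon.
Update-SPSecureStoreMasterKey -ServiceApplicationProxy $proxy -Passphrase $pass
Remove-Variable pass
```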

Now that Secure Store configuration is complete, the next step is to create a Business Intelligence Center. See the next lab, Configure a Business Intelligence Center for a test environment.