Jaa


Security Planning for Service Provider Foundation

 

Updated: May 13, 2016

Applies To: System Center 2012 SP1 - Orchestrator, System Center 2012 R2 Orchestrator

This topic provides an overview of Service Provider Foundation security features and describes the security considerations for your deployment. You should create any required accounts and groups and determine if you have any additional security requirements before you start your Service Provider Foundation installation.

Security features

Service Provider Foundation provides a tightly coordinated implementation of Windows and Internet Information Services (IIS) security features. Note that credentials in a domain in the Active Directory must be used.

Service Provider Foundation relies on IIS to authenticate users. Starting with System Center 2012 R2, Service Provider Foundation accepts only the Secure Sockets Layer (SSL) requests protocol from its provider endpoints using the default port of 8090. Only HTTPS requests are accepted. Typically, the request should have the security context of the user who is logged on to the make the request.

When the setup wizard installs a web service, it creates a local security group on the computer that runs the web service. You can specify users or groups that have access to each web service. The wizard assigns those users or groups to a local security group. Service Provider Foundation checks that the user who sends the request belongs to the appropriate local security group.

In addition the wizard creates application domains pools in Internet Information Services (IIS) for each web service. You can specify the Network Service account or an account that also belongs to the security group.

The wizard creates the following security groups application pools as shown on the following table.

Security Group Name Application Pool Name
SPF_Admin Admin
SPF_Provider Provider
SPF_VMM VMM
SPF_Usage Usage

After you install Service Provider Foundation, you must verify that the credentials for System Center 2012 – Virtual Machine Manager and the other service providers are configured correctly, as described in Manage Web Services and Connections in Service Provider Foundation.

See Also

Capacity Planning for Service Provider Foundation
How to Install Service Provider Foundation for System Center 2012 SP1
Setup Command-Line Options for Service Provider Foundation
Deploying Service Provider Foundation
Administering Service Provider Foundation
Architecture Overview of Service Provider Foundation