Service Manager 2010 RTM Design

baasopchoppySecurity

Nov 5, 2013 (3 years and 7 months ago)


Contents

Service Manager Parts
Key Considerations
Software Requirements for Service Manager
Service Manager Service Accounts



Service Manager Parts

There are six major parts of a System Center Service Manager 2010 installation, as summarized in the following table.

Service Manager Part: Description

Service Manager management server: Contains the main software part of a Service Manager installation. You can use the Service Manager management server to manage incidents, changes, users, and tasks.

Service Manager database: The database that contains Service Manager configuration items (CI) from the IT Enterprise, work items such as incidents, change requests, and the configuration for the product itself. This is Service Manager's implementation of a Configuration Management Database (CMDB).

Data warehouse management server: The computer that hosts the server piece of the data warehouse.

Data warehouse database: This is the database that provides long-term storage of the business data that is generated by Service Manager. This database is also used for reporting.

Service Manager console: The user interface piece that is used by both the help desk analyst and the help desk administrator to perform Service Manager functions such as incidents, changes, and tasks. This piece is automatically installed when you deploy a Service Manager management server. Additionally, you can manually install the Service Manager console as a stand-alone piece on a computer.

Self-service portal: The self-service portal is installed on a computer that hosts Windows Server 2008 and Internet Information Services (IIS) 7. The self-service portal provides a Web-based console for both end users and analysts. The end user console allows users to submit incidents, search knowledge articles, read announcements, reset passwords (requires Identity Lifecycle Management), and self-service software provisioning (requires System Center Configuration Manager). The analyst console allows users to view change requests.





Key Considerations:


1. To be able to recover Service Manager 2010 RTM, the databases must be on separate servers from the management servers.

2. The SQL Servers should have a minimum of 2 quad core processors (2.66 GHz CPU) and 8 GB RAM. With regard to disk space:

   a. The Service Manager database should have a minimum of 100 GB disk space available.

   b. The Service Manager data warehouse should have a minimum of 500 GB disk space available.

3. The Service Manager Management Server should have a minimum of 2 quad core processors (2.66 GHz CPU) and 8 GB RAM.

4. The Data Warehouse Management Server should have a minimum of 1 dual core processor (2.66 GHz CPU) and 8 GB RAM.




Software Requirements for Service Manager


Service Manager management server and data warehouse management server

- The 64-bit edition of Windows Server 2008 Standard or the 64-bit edition of Windows Server 2008 Enterprise
- Microsoft .NET Framework 3.5 with SP1
- For this release, the system locale setting for the server operating system must be configured for English (United States) on the computer hosting the Service Manager management server, the Service Manager database, the data warehouse management server, and the data warehouse databases.
- Install the Authorization Manager hotfix (KB975332) and the Microsoft Report Viewer Redistributable security update (KB97119)


Service Manager and Data warehouse databases

- The 64-bit edition of Windows Server 2008 Standard with SP1 or the 64-bit edition of Windows Server 2008 Enterprise with SP1
- The 64-bit version of SQL Server 2008 with SP1
- For Datawarehouse - SQL Server Reporting Services (SSRS) in SQL Server 2008 with SP1
- Microsoft .NET Framework 3.5
- The SQL Server collation settings must be the same for the computers hosting the Service Manager and data warehouse databases.
- SQL FTS: Full-text search must be installed.
- You must configure SQL Server to use case insensitive databases.
- Service Account configured as Local System.
- SQL Server Reporting Services must be configured and running and installed using the native mode default configuration.
- The collation in SQL Server must be identical on both computers that host the Service Manager and the data warehouse databases. It should be: Latin1_General_100_CI_AS
- Install the Authorization Manager hotfix (KB975332) and the Microsoft Report Viewer Redistributable security update (KB97119)
- Manually Configure SQL Reporting Services ** see below


Self-Service Portal (do not install on DW MS as it will affect reporting)

- The 64-bit edition of Windows Server 2008 Standard or the 64-bit edition of Windows Server 2008 Enterprise
- Microsoft Internet Information Services 7 with IIS 6 metabase compatibility installed with Windows Authentication and Basic Authentication
- ASP.NET 2.0
- A Secure Sockets Layer (SSL) certificate will be required on the IIS server that hosts the Self-Service Portal.
- The following software is optional and provided for additional functionality:
  o Microsoft Identity Lifecycle Manager (allows for password reset)
  o System Center Configuration Manager 2007 (allows for self-service software provisioning)
- It is recommended that you add the Self-Service Portal Web site to the Trusted sites or Local Intranet zones in Internet Explorer. By default, Web sites in the Trusted sites and Local intranet zones have Active scripting enabled. If you choose not to add Self-Service Portal Web site to the Trusted sites or Local Intranet zones, you must enable Active scripting for Web browsers that access the Self-Service Portal.
- Install the Authorization Manager hotfix (KB975332) and the Microsoft Report Viewer Redistributable security update (KB97119)






Manual Steps to Configure the Remote SQL Server Reporting Services

During deployment of the Service Manager data warehouse management server, you can specify the server to which Microsoft SQL Server Reporting Services (SSRS) will be deployed. By default, the computer that is hosting the data warehouse management server is selected during setup. If you specify a different computer, you are prompted to follow this procedure to configure the remote SSRS server. Before you follow this procedure, you must perform the following actions:

- Copy Microsoft.EnterpriseManagement.Reporting.Code.dll from the Service Manager installation media to the computer that is hosting SSRS.
- Add a code segment to a configuration file on the computer that is hosting SSRS.

If you used the default instance of SQL Server, use Windows Explorer to drag Microsoft.EnterpriseManagement.Reporting.Code.dll (which is located in the Prerequisites folder on your Service Manager installation media) to the folder \Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\Bin on the computer that is hosting SSRS. If you did not use the default instance, the path of the required folder is \Program Files\Microsoft SQL Server\MSRS10.<INSTANCE_NAME>\Reporting Services\ReportServer\Bin. In the following procedure, the default instance name is used.
To copy the Microsoft.EnterpriseManagement.Reporting.Code.dll file

1. On the computer that is hosting SSRS, open an instance of Windows Explorer.

2. In Windows Explorer, locate the folder \Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\Bin.

3. Start a second instance of Windows Explorer, locate the drive that contains the Service Manager installation media, and then open the Prerequisites folder.

4. In the Prerequisites folder, click Microsoft.EnterpriseManagement.Reporting.Code.dll and drag it to the folder \Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\Bin.

To add a code segment to the rssrvpolicy.config file

1. On the computer that is hosting SSRS, locate the file rssrvpolicy.config in the folder \Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer.

2. Using an XML editor of your choice, open the rssrvpolicy.config file.

3. Scroll through the rssrvpolicy.config file and locate the CodeGroup code segments. The following code shows an example of a CodeGroup segment.

    <CodeGroup
        class="UnionCodeGroup"
        version="1"
        PermissionSetName="FullTrust">
        <IMembershipCondition
            class="UrlMembershipCondition"
            version="1"
            Url="$CodeGen$/*"
        />
    </CodeGroup>

4. Add the following CodeGroup segment to the same section as the other CodeGroup segments in the rssrvpolicy.config file.

    <CodeGroup
        class="UnionCodeGroup"
        version="1"
        PermissionSetName="FullTrust"
        Name="Microsoft System Center Service Manager Reporting Code Assembly"
        Description="Grants the SCSM Reporting Code assembly full trust permission.">
        <IMembershipCondition
            class="StrongNameMembershipCondition"
            version="1"
            PublicKeyBlob="0024000004800000940000000602000000240000525341310004000001000100B5FC90E7027F67871E773A8FDE8938C81DD402BA65B9201D60593E96C492651E889CC13F1415EBB53FAC1131AE0BD333C5EE6021672D9718EA31A8AEBD0DA0072F25D87DBA6FC90FFD598ED4DA35E44C398C454307E8E33B8426143DAEC9F596836F97C8F74750E5975C64E2189F45DEF46B2A2B1247ADC3652BF5C308055DA9"
        />
    </CodeGroup>

5. Close the XML editor and save the changes.
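
The edit in step 4 grants FullTrust to any assembly signed with the listed key, so it is worth checking the saved file afterwards. The following Python code is an added example, not part of the original document or of Service Manager: it lists every FullTrust CodeGroup in an rssrvpolicy.config and checks that the Service Manager group is a strong-name condition carrying the PublicKeyBlob from step 4. The function names and the trimmed sample config are assumptions made for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

SCSM_NAME = "Microsoft System Center Service Manager Reporting Code Assembly"
SCSM_BLOB = (  # PublicKeyBlob from step 4 above, rejoined into one value
    "0024000004800000940000000602000000240000525341310004000001000100B"
    "5FC90E7027F67871E773A8FDE8938C81DD402BA65B9201D60593E96C492651E889CC13F1415EBB53"
    "FAC1131AE0BD333C5EE6021672D9718EA31A8AEBD0DA0072F25D87DBA6FC90FFD598ED4DA35E44C3"
    "98C454307E8E33B8426143DAEC9F596836F97C8F74750E5975C64E2189F45DEF46B2A2B1247ADC36"
    "52BF5C308055DA9")

# Constructed sample: a trimmed rssrvpolicy.config holding only the two code groups shown above.
SAMPLE_CONFIG = f"""<configuration><PolicyLevel version="1">
<CodeGroup class="FirstMatchCodeGroup" version="1" PermissionSetName="Nothing">
 <IMembershipCondition class="AllMembershipCondition" version="1"/>
 <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust">
  <IMembershipCondition class="UrlMembershipCondition" version="1" Url="$CodeGen$/*"/>
 </CodeGroup>
 <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust" Name="{SCSM_NAME}">
  <IMembershipCondition class="StrongNameMembershipCondition" version="1" PublicKeyBlob="{SCSM_BLOB}"/>
 </CodeGroup></CodeGroup></PolicyLevel></configuration>"""

def full_trust_groups(config_xml):
    """Return (name, condition class, condition value) for each FullTrust CodeGroup."""
    found = []
    for group in ET.fromstring(config_xml).iter("CodeGroup"):
        if group.get("PermissionSetName") != "FullTrust":
            continue
        cond = group.find("IMembershipCondition")
        attrs = cond.attrib if cond is not None else {}
        found.append((group.get("Name", "(unnamed)"), attrs.get("class"),
                      attrs.get("PublicKeyBlob") or attrs.get("Url")))
    return found

def check_scsm_group(config_xml):
    """Findings for the SCSM code group; an empty list means it matches step 4."""
    matches = [g for g in full_trust_groups(config_xml) if g[0] == SCSM_NAME]
    findings = [] if matches else ["SCSM code group missing"]
    for _, kind, value in matches:
        if kind != "StrongNameMembershipCondition":
            findings.append(f"membership condition is {kind}, not a strong name")
        elif (value or "").upper() != SCSM_BLOB:
            findings.append("PublicKeyBlob differs from the documented value")
    return findings

def public_key_token(blob_hex):
    """Strong-name token: last 8 bytes of SHA-1 over the key blob, byte-reversed."""
    return hashlib.sha1(bytes.fromhex(blob_hex)).digest()[-8:][::-1].hex()
```

To audit a real server, pass the contents of rssrvpolicy.config to full_trust_groups and check_scsm_group. The value from public_key_token can be compared with the token that sn.exe -T reports for the copied DLL.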



Service Manager Service Accounts


Service Account | User\Group | User\Group Name | Group Membership

Service Manager DB Admins | Group | SMDBAdmins | Local Admin on all Service Manager servers
Service Manager DW Admins | Group | SMDWAdmins | Local Admin on all Service Manager servers
Service Manager (DB) Service | User | SMDBService | OpsMgr Admins, SM DB Admins
Service Manager Workflow Account | User | SMDBWorkflow | OpsMgr Admins, SM DB Admins
Service Manager (DW) Service | User | SMDWService | OpsMgr Admins, SM DB Admins
Service Manager Reports Service | User | SMDWReports | OpsMgr Admins, SM DB Admins
Service Manager DW Registration Account | User | SMDBReg | OpsMgr Admins, SM DB Admins, SM DW Admins
Active Directory Connector Account | User | SMADConnector | SMDB Admins, SMDW Admins
OpsMgr Connector Account | User | SMOMConnector | OpsMgr Admins, SMDB Admins, SMDW Admins
ConfigMgr Connector Account | User | SCCMConnector | SMDB Admins, SMDW Admins