Plan SPF deployment

Important

This version of Service Provider Foundation (SPF) has reached the end of support. We recommend that you upgrade to SPF 2019.

This article helps you get the prerequisites and planning steps in place before you deploy System Center - Service Provider Foundation (SPF).

Deployment prerequisites

Deployment requirements for SPF include:

  • Make sure the SPF server meets the minimum hardware and software requirements.
  • The SPF server needs SQL Server for its database. The SQL Server database can be local or on a remote server, and should have at least 5 GB of storage. When you install SPF, you need to specify the server name and port number.
  • The VMM console should be installed on the SPF server. SPF can also run on the same server as the VMM management server. VMM must be deployed in your infrastructure.
  • If you want to use usage metering to manage tenant costs, you need a System Center Operations Manager server and a Data Warehouse server, running Windows 2012 R2 or later.
  • The following Server Manager features should be installed on the SPF server:
    • Role: Web Server (IIS). Include the following services:
      • Basic Authentication
      • Windows Authentication
      • Application Deployment ASP.NET 4.5
      • Application Development ISAPI Extensions
      • Application Deployment ISAPI Filters
      • IIS Management Scripts and Tools Role Service
    • Feature: Management OData IIS Extension
    • Feature: .NET Framework 4.5 features, WCF Services, HTTP Activation
  • Install the following web services:
  • You need an SSL server certificate. You can generate a test certificate automatically during setup, but we recommend that you use it for testing purposes only and obtain a certificate from a CA for your production environment.
  • A side-by-side installation of different SPF versions on the same server isn’t supported.
  • You can install on a VM.
  • Make sure that you have a domain user account with administrative privileges on the computers on which you want to install Service Provider Foundation.

Administrator roles

Here’s what you need:

  • SQL Server administrator: A DBA role with full administrator rights on the SQL Server instance used by SPF. The administrator should be able to grant permissions to create databases, and to grant those permissions to the SPF administrator.
  • SPF administrator: The SPF administration account should be a local administrator on the server on which you install SPF.
  • Application pool user: This IIS role should have full administrator permissions in VMM, and permissions to create, read, update, and delete on the SPF database. For portal applications, these operations can be restricted to specific tables.

Plan security

SPF implements Windows and IIS security features. Requirements include:

  • Domain credentials must be used.
  • SPF relies on IIS for user authentication. Only SSL (HTTPS) requests are accepted from provider endpoints, using default port 8090. Typically, the request should have the security context of the logged-on user to make the request.
  • When the setup wizard installs a web service, it creates a local security group on the computer to run the service. You can specify users or groups with access to each web service and assign them to this local group. SPF checks that users sending requests belong to the appropriate local security group.
  • The setup wizard creates application domain pools in IIS for each web service. You can specify the Network Service account, or an account that belongs to the security group. The wizard creates the following security group application pools:
    • SPF_Admin: Admin
    • SPF_VMM: VMM
    • SPF_Provider: Provider
    • SPF_Usage: Usage
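
The following read-only audit is an added example, not part of the original SPF documentation. It checks the points above on an SPF server: who belongs to each per-service local group, whether the SPF port is bound to HTTPS only, and whether the certificate behind that binding is still the self-signed test certificate. It assumes the local security groups carry the same names as the application pools listed above and that the default port 8090 is in use.

```powershell
# Added example: read-only audit of the SPF security layout on the SPF server.
# Run in an elevated Windows PowerShell 5.1 session.
Import-Module WebAdministration

$spfGroups = 'SPF_Admin', 'SPF_VMM', 'SPF_Provider', 'SPF_Usage'  # assumed local group names
$spfPort   = 8090                                                  # default port; change if customized

# 1. Who may call each web service: list the members of each local group.
$members = foreach ($g in $spfGroups) {
    if (-not (Get-LocalGroup -Name $g -ErrorAction SilentlyContinue)) {
        Write-Warning "Local group '$g' not found on this server"
        continue
    }
    Get-LocalGroupMember -Group $g | ForEach-Object {
        [pscustomobject]@{
            Group  = $g
            Member = $_.Name
            Class  = $_.ObjectClass
            # Domain credentials are required, so local accounts need review.
            Review = ($_.PrincipalSource -eq 'Local')
        }
    }
}
$members | Sort-Object Group, Member | Format-Table -AutoSize

# 2. The SPF port must be bound to HTTPS only.
Get-WebBinding |
    Where-Object { $_.bindingInformation -like "*:${spfPort}:*" -and $_.protocol -ne 'https' } |
    ForEach-Object { Write-Warning "Non-HTTPS binding on port ${spfPort}: $($_.bindingInformation)" }

# 3. Certificate behind the HTTPS binding: flag self-signed or soon-to-expire certificates.
Get-ChildItem IIS:\SslBindings | Where-Object { $_.Port -eq $spfPort } | ForEach-Object {
    $cert = Get-Item "Cert:\LocalMachine\$($_.Store)\$($_.Thumbprint)"
    [pscustomobject]@{
        Subject         = $cert.Subject
        Issuer          = $cert.Issuer
        NotAfter        = $cert.NotAfter
        SelfSigned      = ($cert.Subject -eq $cert.Issuer)  # setup-generated test certificate shows up here
        ExpiresIn30Days = ($cert.NotAfter -lt (Get-Date).AddDays(30))
    }
}
```

A row with SelfSigned set to True on a production server means the test certificate generated by setup was never replaced with one issued by a CA.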

Plan capacity

  • Database storage: 5 GB is sufficient even for large SPF databases.
  • Web service: By default, SPF supports up to 1000 concurrent requests for its web services. We recommend a lower number in a production environment. You can change this configuration by specifying the value for the MaxRequestsPerTimeSlot key in the C:\inetpub\SPF\web.config file.
  • Hardware recommendations: The following server scenarios each pertain to the recommendations listed in the following table.
    • Virtual Machine Manager (VMM) with or without SQL Server
    • Service Provider Foundation with or without SQL Server

| 5000 or less VMs | 5000-12,000 VMs | 12,000-25,000 VMs |
|---|---|---|
| 4 processor cores, 8 GB RAM | 8 processor cores, 8 GB RAM | 16 processor cores, 8 GB RAM |

Recommended for computers running VMM with or without SQL Server.

Plan database

There are two database scenario configurations:

  • Install SPF and connect to an existing database. In this scenario, the SPF administrator must verify that the database administrator granted the following permissions for the database:

    • Alter: Create tables
    • Connect with Grant: Connect to existing database
    • Select with Grant, Update with Grant, Delete with Grant, Insert with Grant: Grant permissions to application pool users
    • Alter all logins: Create SQL Server logins for application pool users.
  • Create a new database. In this scenario, the database administrator must create the database (SCSPFDB), and then the SPF administrator installs SPF and has permissions to configure the database as needed, for example, to add tables. SPF administrators must create the SPF Application Pool in Internet Information Services (IIS) and create a database user for an Application Pool User with the following permissions:

    • Connect: Connect to the SPF database
    • Select, Update, Delete, Insert: Perform basic operations
    • Create the SQL Server logon for the Application Pool User with the default database set to SCSPFDB: To log on to SQL Server and access the database.
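
The following check is an added example, not part of the original SPF documentation. It compares what the application pool user actually holds on SCSPFDB with the Connect, Select, Update, Delete, and Insert set listed above. The server name, port, and account name are hypothetical placeholders, and the database user is assumed to have the same name as its login.

```powershell
# Added example: verify the application pool user's rights on SCSPFDB (read-only queries).
# Requires the SqlServer module, which provides Invoke-Sqlcmd.
$server   = 'SQL01,1433'             # hypothetical server name and port
$database = 'SCSPFDB'                # database name from the page
$appUser  = 'CONTOSO\svc-spf-pool'   # hypothetical application pool account
$expected = 'CONNECT', 'SELECT', 'UPDATE', 'DELETE', 'INSERT'

# $(AppUser) is a sqlcmd variable filled in by Invoke-Sqlcmd -Variable.
$permQuery = @'
SELECT pe.permission_name, pe.state_desc, pe.class_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'$(AppUser)';
'@
$roleQuery = @'
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'$(AppUser)';
'@
$common = @{ ServerInstance = $server; Database = $database; Variable = "AppUser=$appUser" }

# Keep GRANT and GRANT_WITH_GRANT_OPTION rows; DENY rows are not rights held.
$granted = @(Invoke-Sqlcmd @common -Query $permQuery |
    Where-Object { $_.state_desc -like 'GRANT*' } |
    ForEach-Object { $_.permission_name } | Sort-Object -Unique)
$roles = @(Invoke-Sqlcmd @common -Query $roleQuery | ForEach-Object { $_.role_name })

[pscustomobject]@{
    User    = $appUser
    Missing = @($expected | Where-Object { $_ -notin $granted })   # SPF may fail without these
    Extra   = @($granted  | Where-Object { $_ -notin $expected })  # beyond the planned set
    Roles   = $roles                                               # e.g. db_owner would exceed the plan
}
```

An empty Missing and Extra with no role memberships means the account matches the permission set planned for the new-database scenario.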

Next steps

Deploy SPF