Specify how Microsoft Provisioning Framework (MPF) handles
requests
You can control how MPF processes requests by modifying the
properties of provisioning engines. You set properties for all
provisioning engines, not for specific servers.
You can modify the following transaction properties for
provisioning engines:
Requests security
This property controls which users and groups can submit
requests to provisioning engines and the type of requests they can
submit. Options for submitting requests include the following:
- Execute procedures
A user with Execute Procedures permissions can run only MPF
procedures that do not change the XML of a procedure. These
procedures must be part of a namespace that is registered in the
configuration database.
- Execute with caller's credentials
Users with Execute with Caller's Credentials permission can pass
a security context in the request. Setting the Execute Trusted
Procedures permission to Allow automatically sets the
Execute with Caller's Credentials permission to Allow.
- Execute trusted procedures
A users with Execute Trusted Procedures permissions can run MPF
procedures that change the XML of a procedure. These procedures can
be executed without being previously registered in the
configuration database. The default users and groups with execution
permissions for executing trusted procedures include:
Administrator, MPFAdmins, and MPFTrustedUsers.
- Execute private procedures
A user with Execute Private Procedures permissions can run only
MPF procedures that originate with within MPF. These procedures are
marked as private in the configuration database.
For more information or related security topics, see Managing security.
Audit
level
You can save information about transactions, procedures, and
errors to the audit log, where it can be used later for data mining
or error checking. The data that you can save for transactions
includes information such as the transaction identifier, site, and
server name. The data you can save for procedures includes
information such as the transaction identifier, step number,
namespace, and procedure name. The data you can save for errors
includes information such as the transaction identifier, source,
error code, and event description.
Since the number of transactions in a data center can become
very large, logging all information about every transaction,
procedure, and error can require excessively large databases. Using
Provisioning Manager, you can reduce the size of the databases by
specifying which information to save to the audit log, limiting it
to only the information that you require.
You have the following options for saving data to the audit log
database. Note that you can select more than one option:
- Transactions with errors
Save to audit all transaction with errors. This option is
checked by default.
- Transaction marked for audit
Save to audit all transactions containing one or more procedures
marked for audit. This option is checked by default.
- Aborted transactions
Save to audit all aborted transactions. This option is checked
by default.
- Transactions in doubt
Save to audit all transactions in doubt. This option is checked
by default.
- Successful transactions
Save to audit all successful transactions.
- All transactions
Save to audit all transactions.
- Errors
Save to audit all errors. This option is checked by default.
- Audit data
Save to audit the audit data. This option is checked by
default.
- All transaction data
Save to audit all transaction data. This option is checked by
default.
- Procedures marked for audit
Save to audit all MPF procedures marked for “Save to audit.”
This option is checked by default.
- Aborted procedures
Save to audit all aborted MPF procedures. This option is checked
by default.
- Procedures in doubt
Save to audit all MPF procedures in doubt. This option is
checked by default.
- Successful procedures
Save to audit all successful MPF procedures.
- Failed procedures
Save to audit all failed MPF procedures. This option is checked
by default.
- All procedures
Save to audit all MPF procedures.
Enable schema validation
This property specifies if the provisioning engines validate
input against the XML schema before invoking a procedure. If the
validation fails, MPF returns an error to the caller.
Important
- You should enable schema validation only when testing new
functionality. If you enable schema validation in a production
environment, you might experience significant performance
problems.
Transaction log pool size
This property specifies the maximum number of connections that
can be established to one transaction log database. The default
setting is 100 simultaneous connections.
Trans
log time-out
Provisioning engines save the state of requests in progress to
one of the transaction log databases. If the network connection or
the computer with the transaction log database experiences a
failure, this property specifies the time in seconds to wait before
the provisioning engine starts sending requests again to the
database server that failed to respond. The default setting is 300
seconds.
For more information about how to configure provisioning engines
properties, see Change how
provisioning engines process transactions.