A request is an XML document containing data, a single procedure, and any contextual information needed to execute a provisioning task such as setting up new users in a data center. The structure of the procedure is defined in the procedure's namespace.
Requests enter Microsoft® Provisioning Framework (MPF) via the client. SOAP requests are filtered by SOAP ISAPI.
What happens next depends on the nature of the request. Requests to be executed immediately go directly to a provisioning engine. Requests batched for delayed processing are received initially by queue managers and then sent to the provisioning engine.
Once it receives the request, the provisioning engine executes the procedure steps and XSL transformations, then passes the resulting data to providers called by the request. MPF includes a number of standard providers. For example, a request to create new users could go to the provider that executes operations on Microsoft® Active Directory®. Alternately, you can develop custom providers and procedures for unique situations.
In addition to providers, request execution also involves the following components that manage transaction processing and data storage. The databases are all Microsoft® SQL Server databases.
- The configuration database contains namespace definitions for providers and runtime parameters for provisioning server components.
- Transaction logs store the real-time state of all committed and rolled-back transactions running in provisioning engines.
- The audit log permanently stores control data on all successful and failed transactions, including transaction ID, transaction status, client transaction ID, name of the calling user, and the names of all procedures that a request executed.
- All transaction log and audit log servers in an MPF installation are bound to an auditing and recovery service. This service detects crashes in provisioning engines and initiates rollback, clears old transactions and queues and transfers audited transactions to the audit log, and executes SQL commands against the audit log.
In addition to processing requests, MPF can also help administrators optimize consumption of resources within a data center. Resource Manager can be set up to generate notifications whenever resources are over- or underutilized.
MPF security is tightly integrated with Windows® NT authentication and the authorization mechanisms employed by services such as Active Directory. Only authorized users can execute provisioning requests.
Application Programming Interfaces, Security, Administration Tools
Top of Page
© 1999-2002 Microsoft Corporation. All rights reserved.