Planning your infrastructure

In planning the infrastructure for your deployment, you should consider how to create a modular, scalable foundation that allows you to add physical resources as needed.

It is important to consider which components are the most critical to your operation and create an infrastructure that supports redundancy and scalability for these components. For example, if you want to ensure maximum availability for provisioning, run the provisioning components on separate, load-balanced servers. For more information about clustering and load balancing, see Implementing redundant servers.

Servers and components

The following table lists the recommended server configuration for supporting hosted Internet Information Services (IIS) and Exchange services. In this configuration, the core Microsoft Provisioning System components run on separate servers from the client components for increased security and operational efficiency. The servers can run in a basic configuration or a redundant configuration, as described later in this topic.

| Server type | Microsoft Provisioning System components | Required software | Notes |
| --- | --- | --- | --- |
| Domain controller | None | Microsoft Windows 2000 Server, Active Directory, Domain Name System (DNS) service | It is recommended that you install Active Directory on a dedicated domain controller. For a single-server configuration used for testing purposes, you can run all Microsoft Provisioning System components, including the domain controller, on the same computer. For distributed deployments using more than one server, however, you must run Active Directory on a dedicated server. Running a domain controller along with other components on the same server is not supported. |
| Front-end server | Microsoft Provisioning Framework (MPF) client components, Delegated Administration Console, MPF queue manager (optional) | Windows 2000 Server, IIS 5.0, Microsoft Data Access Components (MDAC) 2.6.1 | Delegated Administration Console and the MPF client components must be installed on the same server for Delegated Administration Console to function properly. If you are planning to run the Provisioning Queue Manager service, you must install the MPF queue manager on the same server as the MPF client components. The front-end, outward-facing network provides communication with and connectivity to the Internet from the firewall. All client requests are transferred to and from the front-end servers. To secure client requests, it is recommended that you implement Secure Sockets Layer (SSL) security. For load-balancing the front-end servers, you can use a solution such as Network Load Balancing service, which is included with Windows 2000 Advanced Server. For more information, see Implementing redundant servers. |
| Provisioning server | MPF core components, MPF service providers, Resource Manager engine, Provisioning Manager, queue manager | Windows 2000 Server, Exchange System Management Tools, MDAC 2.6.1 | For a description of MPF components, see "Installation components" in Performing installation tasks. |
| Database server | MPF database components (Resource Manager database, configuration database, transaction log database, audit log database) | Windows 2000 Server, SQL Server 2000 Service Pack 1 or later | For performance and redundancy, use a SQL cluster and install all databases on this cluster. For a description of MPF components, see "Installation components" in Performing installation tasks. |
| Web hosting server | None | Windows 2000 Server, IIS 5.0 | Provide Web hosting services on a dedicated server to maximize availability and performance. |
| Exchange hosting server | None | Windows 2000 Advanced Server, Microsoft Exchange 2000 Enterprise Server Service Pack 2 | Provide hosted Exchange services on a dedicated server to maximize availability and performance. |

For more information about required hardware and software for running each Microsoft Provisioning System component, see Installing Microsoft Provisioning System.

Basic and redundant configurations

A basic system includes the six servers listed in the previous table, connected on a network within a single forest and a single domain. Use the recommended configuration as a baseline for designing your system, and add servers as needed to support anticipated demand.

It is recommended that you use a redundant configuration to support both Exchange and IIS hosted services to maximize availability. If any component fails, the system fails over to its redundant counterpart. A fully redundant infrastructure consists of twelve or more servers connected on a network within a single domain, comprising at least two servers of each type listed in the previous table.

The following figure depicts a configuration that deploys the components just as they are described in the previous table. For a fully redundant configuration, additional servers of each type are added.

Figure: Basic and redundant server configurations
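
The placement rules in the server table and the basic and redundant configurations above can be checked against a planned server inventory before deployment. The following is an added example, not part of Microsoft Provisioning System or the original documentation; the inventory format, the function name check_deployment and all host names are assumptions made for illustration.

```python
from collections import Counter

SERVER_TYPES = ("domain controller", "front-end", "provisioning",
                "database", "web hosting", "exchange hosting")
AD = "Active Directory"
DAC = "Delegated Administration Console"
MPF_CLIENT = "MPF client components"


def check_deployment(inventory, redundant=False):
    """Return sorted findings; an empty list means no placement rule is broken.

    inventory maps host name -> (server type, set of installed components).
    """
    findings = []
    distributed = len(inventory) > 1  # a single test server may host everything
    for name, (_, comps) in inventory.items():
        # Distributed deployments: Active Directory runs on a dedicated server.
        if distributed and AD in comps and comps != {AD}:
            findings.append(f"{name}: {AD} shares a server with other components")
        # The console functions only with the MPF client components beside it.
        if DAC in comps and MPF_CLIENT not in comps:
            findings.append(f"{name}: {DAC} without {MPF_CLIENT}")
    if distributed:
        # Basic: one server of each type. Fully redundant: at least two of each.
        need = 2 if redundant else 1
        counts = Counter(stype for stype, _ in inventory.values())
        for stype in SERVER_TYPES:
            if counts[stype] < need:
                findings.append(f"{stype}: {counts[stype]} server(s), need {need}")
    return sorted(findings)


# Constructed inventory: host names are made up for this example.
SAMPLE = {
    "dc01":   ("domain controller", {AD, "MPF core components"}),
    "fe01":   ("front-end", {DAC}),
    "prov01": ("provisioning", {"MPF core components", "Resource Manager engine"}),
    "db01":   ("database", {"Resource Manager database"}),
    "web01":  ("web hosting", set()),
    "exch01": ("exchange hosting", set()),
}

if __name__ == "__main__":
    for finding in check_deployment(SAMPLE):
        print(finding)
```

Calling check_deployment with redundant=True additionally reports every server type that has fewer than two servers.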