An EmpowerID deployment contains three major component groups: the server services, the web server components, and the Windows desktop client applications. Each group is comprised of the following:
EmpowerID Web Role: The Web Role service is used for processing EmpowerID Web Service Garden, EmpowerID SQL Web Services, EmpowerID Web Services, and EmpowerID Workflow Web Services. This service hosts jobs that perform the following tasks in an EmpowerID deployment: 1) performs escalation, 2) performs heartbeat check for WF service, and 3) provides event publication and subscription. It has no inbound connections, so it does not listen on a port or require SSL port bindings. It is required on all EmpowerID web servers.
EmpowerID Worker Role: This service has no inbound connections so does not listen on a port or require SSL port bindings. It requires IIS and is used for processing EmpowerID Web Service Garden (which is used for all of its Worker Process functions). The Worker Role service hosts jobs that perform the following tasks in an EmpowerID deployment: 1) performs the RBAC service and Execution Runtime, and 2) performs Daemon services.
EmpowerID RADIUS: This service is used to provide RADIUS authentication for routers, switches, and other RADIUS-compliant devices.
EmpowerID LDAP: This service is used to provide LDAP virtual directory authentication and data services for exposing EmpowerID Identity Warehouse data and data in connected directories as a single unified LDAP directory with a flexible schema.
EmpowerID Reverse Proxy: This service is used to provide single sign-on and authorization for users accessing an organization's web applications. The reverse proxy service stands in front of the web applications and services end-user requests. In each case, requests are intercepted and access is authorized by EmpowerID Role-Based and Attribute-Based authorization policies.
Windows desktop client applications
EmpowerID Management Console
Password Manager Windows XP GINA Extension
Password Manager Windows 7/2008 Credential Provider
Web server components
EmpowerID ASP.NET Web Application
EmpowerID Features for Microsoft SharePoint
To ensure a smooth install, make sure EmpowerID files, including websites and programs, are excluded from scanning in your anti-virus software settings.
For HTTPS, an SSL certificate must be set up for EmpowerID.
There are seven separate application pools in IIS that EmpowerID uses to distribute processing:
EmpowerID Exchange Services: This application pool handles all Exchange-related requests.
EmpowerID SQL Web Services: This application pool manages all SQL over WCF traffic.
EmpowerID Web Reports: This application pool manages all requests related to EmpowerID's integration with Reporting Services.
EmpowerID Workflow Web Services: This application pool manages all traffic related to workflow requests made to EmpowerID.
EmpowerID Web Services: This application pool is a catch-all for all other WCF service calls.
EmpowerID Web Service Garden: This application pool manages any EmpowerID processes that need to scale based on load, by spooling up multiple worker threads to distribute the load and provide high availability.
EmpowerID IdPs: This application pool includes 1) EmpowerIDWebIdPForms, which handles identity providers that do not require special settings, holds all OAuth traffic (e.g., Yammer, PayPal), OpenID traffic, EmpowerID's own native forms traffic, EmpowerID's internal authentication provider, and remote identity providers; 2) EmpowerIDWebIdPSmartCard, which handles SmartCard authentication; 3) EmpowerIDWebIDPWindows, which disables other authentication methods and only enables Windows authentication; and 4) EmpowerIDWebIdPWSFederation, which does no authentication but internally handles packet traffic sent by WS-Federation service providers.
EmpowerID: This application pool handles all EmpowerID Service Provider traffic for the EmpowerID Web Application along with all ClickOnce Installer requests.