R
RichardG
Hi,
We are currently installing Project Server 2007 on a newly procured farm. I
have looked at several installation/deployment guides, including the
Microsoft one at: http://technet.microsoft.com/en-us/library/cc197479.aspx,
the book "Microsoft Office Project Server 2007 Unleashed" (Quantum PM), and
the book "Implementing and Administering Microsoft Office Project Server
2007" (Chefetz and Howard).
One question that has come up has to do with the number of service accounts
we need. I understand that for a fully secured environment with
out-hosting, six or seven separate accounts might be used (FarmAdmin, WSS
Search, WSS Search Content access, SSP AppPool, SSP Service, AppPool, plus a
Setup User account). On my simple single-server VMs I have used a single
account for all services. I suspect that for our purposes, the ideal lies
somewhere between these two extremes - we want to balance reasonable
security with ease of administration.
What would be the minimum number of service accounts to use in order to
produce a reliable solution that has a relatively low administration
overhead? What would those accounts be, and what services would run under
each one?
Some additional info:
The farm has three servers: a WFE/Application server, a SQL Server 2005
database server, and a SSRS 2005 reports server.
All servers are running Windows Server 2003 x64 Standard Edition
We will not be using the OLAP/Analysis Services functionality.
This implementation is accessible from the company intranet only; nothing is
exposed externally.
We will eventually enable Kerberos authentication, but will use NTLM
initially.
Thanks,
Richard
We are currently installing Project Server 2007 on a newly procured farm. I
have looked at several installation/deployment guides, including the
Microsoft one at: http://technet.microsoft.com/en-us/library/cc197479.aspx,
the book "Microsoft Office Project Server 2007 Unleashed" (Quantum PM), and
the book "Implementing and Administering Microsoft Office Project Server
2007" (Chefetz and Howard).
One question that has come up has to do with the number of service accounts
we need. I understand that for a fully secured environment with
out-hosting, six or seven separate accounts might be used (FarmAdmin, WSS
Search, WSS Search Content access, SSP AppPool, SSP Service, AppPool, plus a
Setup User account). On my simple single-server VMs I have used a single
account for all services. I suspect that for our purposes, the ideal lies
somewhere between these two extremes - we want to balance reasonable
security with ease of administration.
What would be the minimum number of service accounts to use in order to
produce a reliable solution that has a relatively low administration
overhead? What would those accounts be, and what services would run under
each one?
Some additional info:
The farm has three servers: a WFE/Application server, a SQL Server 2005
database server, and a SSRS 2005 reports server.
All servers are running Windows Server 2003 x64 Standard Edition
We will not be using the OLAP/Analysis Services functionality.
This implementation is accessible from the company intranet only; nothing is
exposed externally.
We will eventually enable Kerberos authentication, but will use NTLM
initially.
Thanks,
Richard