SSO Deployment Overview
The system in this example is deployed over three domains, containing the following computers:
Domain ORCH.com
ORCH domain controller
HIS1, the HISSO server
HIS2, the Master Secret Server
HIS3, the Admin database
Domain SQL.com
SQL domain controller
SQL2, the SSO database
Domain HIS.com
HIS domain controller
HIS4 database
The key points defining this deployment are as follows:
Domain ORCH.com and domain SQL.com have a two-way selective trust relationship.
Domain ORCH.com is configured as native Windows Server 2008 SP2 or Windows Server 2008 R2 functional level.
All SSO services are running on an ORCH.com domain user account (Orch\SSOSvcUser). The user is configured to have access permission on the SQL2 machine in the SQL.com domain. The user is configured for protocol transition and constrain delegation within the ORCH.com domain.
Another ORCH.com domain user (Orch\TestAppUser) is set for running test programs. This user is also configured for protocol transition and constrain delegation.