Installation Components

An EmpowerID deployment contains three major component groups: the server services, the web server components, and the Windows desktop client applications. Each group consists of the following:

Server services

  • EmpowerID Web Role — The Web Role service is used for processing the EmpowerID Web Service Garden, EmpowerID SQL Web Services, EmpowerID Web Services, and EmpowerID Workflow Web Services. This service hosts jobs that perform the following tasks in an EmpowerID deployment:

    • Perform escalation

    • Perform heartbeat checks for the WF service

    • Provide event publication and subscription

The Web Role service has no inbound connections, so it does not listen on a port or require SSL port bindings. The service is required on all EmpowerID Web servers.

  • EmpowerID Worker Role — The Worker Role service is responsible for executing all back-end processes. This service hosts jobs that perform the following tasks in an EmpowerID deployment:

    • Run the RBAC service and Execution Runtime

    • Run Daemon services

  • EmpowerID RADIUS — This service is used to provide RADIUS authentication for routers, switches, and other RADIUS-compliant devices.

  • EmpowerID LDAP — This service is used to provide LDAP virtual directory authentication and data services for exposing EmpowerID Identity Warehouse data and data in connected directories as a single unified LDAP directory with a flexible schema.

  • EmpowerID Reverse Proxy — This service is used to provide single sign-on and authorization for users accessing an organization's web applications. The reverse proxy service stands in front of the web applications and services end-user requests. In each case, requests are intercepted and access is authorized by EmpowerID Role-Based and Attribute-Based authorization policies.

Windows desktop client applications

  • EmpowerID Management Console

  • Workflow Studio

  • Domain Controller Filter (Password Detection Agent)

  • Windows Login Client — Credential Provider and GINA

Web server components

  • EmpowerID Web Application

  • EmpowerID Features for Microsoft SharePoint

To ensure a smooth install, make sure EmpowerID files, including websites and programs, are excluded from scanning in your anti-virus software settings.

Application Pools

There are seven separate application pools in IIS that EmpowerID uses to distribute processing:

  • EmpowerID Exchange Services — This application pool handles all Exchange-related requests.

  • EmpowerID SQL Web Services — This application pool manages all SQL over WCF traffic.

  • EmpowerID Web Reports — This application pool manages all requests related to EmpowerID's integration with Reporting Services.

  • EmpowerID Workflow Web Services — This application pool manages all traffic related to workflow requests made to EmpowerID.

  • EmpowerID Web Services — This application pool is a catch-all for all other WCF service calls.

  • EmpowerID Web Service Garden — This application pool manages any EmpowerID processes that need to scale based on load, by spooling up multiple worker threads to distribute the load and provide high availability.

  • EmpowerID IdPs — This application pool includes:

    • EmpowerIDWebIdPForms — Processes identity providers that do not require special settings, holds all OAuth traffic (e.g., Yammer, PayPal), OpenID traffic, EmpowerID's own native forms traffic, EmpowerID's internal authentication provider, and remote identity providers

    • EmpowerIDWebIdPSmartCard — Processes SmartCard authentication

    • EmpowerIDWebIDPWindows — Enables Windows authentication and disables other authentication methods

    • EmpowerIDWebIdPWSFederation — Internally handles packet traffic sent by WS-Federation service providers (does no authentication itself)

  • EmpowerID — This application pool handles all EmpowerID Service Provider traffic for the EmpowerID Web Application along with all ClickOnce Installer requests.