Installation Components
An EmpowerID deployment contains three major component groups: the server services, the web server components, and the Windows desktop client applications. Each group is comprised of the following:
Server services
EmpowerID Web Role — The Web Role service is used for processing the EmpowerID Web Service Garden, EmpowerID SQL Web Services, EmpowerID Web Services, and EmpowerID Workflow Web Services. This service hosts jobs that perform the following tasks in an EmpowerID deployment:
Performs escalation
Performs heartbeat check for WF service
Provides event publication and subscription.
The Web Role service has no inbound connections so it does not listen on a port or require SSL port bindings. The service is required on all EmpowerID Web servers.
EmpowerID Worker Role — The Worker Role service is responsible for executing all back-end processes. This service hosts jobs that perform the following tasks in an EmpowerID deployment:
Performs the RBAC service and Execution Runtime
Performs Daemon services.
EmpowerID RADIUS — This service is used to provide RADIUS authentication for routers, switches, and other RADIUS-compliant devices.
EmpowerID LDAP — This service is used to provide LDAP virtual directory authentication and data services for exposing EmpowerID Identity Warehouse data and data in connected directories as a single unified LDAP directory with a flexible schema.
EmpowerID Reverse Proxy — This service is used to provide single sign-on and authorization for users accessing an organizations web applications. The reverse proxy service stands in front of the web applications and services end user requests. In each case, requests are intercepted and access is authorized by EmpowerID Role-Based and Attribute-Based authorization policies.
Windows desktop client applications
EmpowerID Management Console
Workflow Studio
Domain Controller Filter (Password Detection Agent)
Windows Login Client — Credential Provider and GINA
Web server components
EmpowerID Web Application
EmpowerID Features for Microsoft SharePoint
To ensure a smooth install, make sure EmpowerID files, including websites and programs, are excluded from anti-virus scanning software settings.
Application Pools
There are seven separate application pools in IIS that EmpowerID uses to distribute processing:
EmpowerID Exchange Services — This application pool manages handles all Exchange-related requests.
EmpowerID SQL Web Services — This application pool manages all SQL over WCF traffic.
EmpowerID Web Reports — This application pool manages all requests related to EmpowerID's integration with Reporting Services.
EmpowerID Workflow Web Services — This application pool manages all traffic related to workflow requests made to EmpowerID.
EmpowerID Web Services — This application pool is a catch-all for all other WCF service calls.
EmpowerID Web Service Garden — This application pool manages any EmpowerID processes that need to scale based on load, by spooling up multiple worker threads to distribute the load and provide high availability.
EmpowerID IdPs — This application pool includes:
EmpowerIDWebIdPForms — Processes identity providers that do not require special settings, holds all OAuth traffic (e.g., Yammer, PayPal), OpenID traffic, EmpowerID's own native forms traffic, EmpowerID's internal authentication provider, and remote identity providers
EmpowerIDWebIdPSmartCard — Processes SmartCard authentication
EmpowerIDWebIDPWindows — Enables Windows authentication and disables other authentication methods
EmpowerIDWebIdPWSFederation — Internally handles packet traffic sent by WS-Federation service providers (does no authentication itself)
EmpowerID — This application pool handles all EmpowerID Service Provider traffic for the EmpowerID Web Application along with all ClickOnce Installer requests.