
SharePoint 2010 : Service Applications - Creating the Secure Store

1/10/2013 11:19:42 AM

The Secure Store service can be regarded as a core service because several other services require it to be set up and configured before they can function. Part of its offering is a secure database that stores credentials associated with application IDs. These IDs are used to access content from external data sources such as SQL Server or SAP. This is accomplished by creating unattended accounts that are stored within the Secure Store database. An example of this will be seen in an upcoming recipe with Excel Services configuration, where the Secure Store will house the ID that accesses the data sources that the dashboards display. MOSS 2007 also provided this functionality through the use of the application proxy ID. The problem with that approach is that it does not follow the principle of least privilege.

SharePoint 2010 uses the new Secure Store and an ID that is completely separate from the proxy. This means an account can now be set up with only the rights it needs to access the proper data.

In this recipe, you will be shown how to set up the secure store.

Getting ready

Central Administration must be set up and you must be a Service Administrator for the Secure Store service. The Farm Administrator also has permissions to perform this action.

Create an Active Directory account, which will be configured as the identity for the application pool created for this service application.

How to do it...

  1. Open up the SharePoint 2010 Central Administration website.

  2. Under the section titled Application Management, click Manage service applications.

  3. On the ribbon, in the top left corner, is a New button. Click the arrow to see all the services that can be created. Select the Secure Store Service option as seen in the following screenshot:

  4. A form appears with the following fields to be filled in:

    • Name: Fill in the Service Application Name.

    • Database Server: SQL Server machine name.

    • Database Name: The name of the Secure Store database to be created. You can modify the GUID at the end of the name.

    • Database Authentication: Choose the Windows authentication radio button.

    • Failover Database Server: Fill this in if you have a server configured for this operation. This will not create a failover database.

    • Application Pool: Create a new application pool and give it an appropriate name.

    • Associate a security account: Choose Configurable and select the existing domain account that was created as part of the requirements.

    • Audit Log: By default, this is enabled and the textbox is populated with the default value of 30 days.

      Click OK. The Secure Store application will be created and the page will navigate back to the listing of service applications.

  5. Once the new Secure Store Application is created, click on it.

  6. A key must be generated to encrypt the database. This is done based on a pass phrase. The pass phrase must be at least eight characters long and must have at least three of these four elements: uppercase characters, lowercase characters, numeric characters, and special characters. The following screenshot shows the presentation screen:

  7. Click OK after filling in the Pass Phrase and the Confirm Pass Phrase textbox.

The service is now operational.

How it works...

At the heart of the Secure Store service is the Secure Store database that will contain credentials to be used for accessing external data sources. These credentials are encrypted and decrypted via the key that was generated when the pass phrase was created.

The information that is filled out in step 4 is the identity of the database, the authentication method, the application pool it uses, and a potential Failover Database Server. The failover database server would need to be set up independently as identifying a server as failover does not configure it.

There's more...

PowerShell can be used in place of the UI to create the Secure Store service application. Before creating a new Secure Store service application, ensure that the Secure Store service is running. This can be confirmed by doing the following:

  1. Open Central Administration.

  2. Click System Settings.

  3. Click Manage Service on Server under the Server section.

  4. Ensure the status of the Secure Store Service is Started.

Using the following PowerShell command, we can create the Secure Store Service application:

New-SPSecureStoreServiceApplication -Name $serviceApplicationName -PartitionMode:$false -Sharing:$false `
    -DatabaseServer $dbServerAddress -ApplicationPool <apppool> `
    -Administrators <adminscommaseparated> -AuditingEnabled:$true -AuditlogMaxSize 30

Using the following PowerShell command, we can generate/refresh the key:

Update-SPSecureStoreMasterKey -ServiceApplicationProxy <proxy> -Passphrase <farmpassphrase>
Update-SPSecureStoreApplicationServerKey -ServiceApplicationProxy <proxy> -Passphrase <farmpassphrase>

Using the following PowerShell command, we can get a listing of running services:

Get-SPServiceInstance
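
The UI steps and the cmdlets above can be combined into a single script. This is an added example, not code from the original recipe: the account, server, pool and database names are placeholders, the domain account is assumed to be registered already as a SharePoint managed account, and Test-SecureStorePassPhrase is a hypothetical helper that enforces the pass phrase rule from step 6 before the key is generated.

```powershell
# Added example: run in the SharePoint 2010 Management Shell on a farm server.
# Account, server, pool and database names are placeholders (assumptions).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$account  = 'CONTOSO\svc-securestore'  # placeholder: managed account for the app pool
$dbServer = 'SQL01'                    # placeholder: SQL Server machine name
$appName  = 'Secure Store Service'

# Hypothetical helper: the step 6 rule (8+ characters, 3 of 4 character classes).
function Test-SecureStorePassPhrase {
    param([Parameter(Mandatory = $true)][string]$PassPhrase)
    $classes = 0
    foreach ($pattern in '[A-Z]', '[a-z]', '[0-9]', '[^A-Za-z0-9]') {
        if ($PassPhrase -cmatch $pattern) { $classes++ }
    }
    return ($PassPhrase.Length -ge 8 -and $classes -ge 3)
}

# Prompt for the pass phrase so it is not stored in the script or shell history.
$secure = Read-Host 'Secure Store pass phrase' -AsSecureString
$cred   = New-Object System.Management.Automation.PSCredential('unused', $secure)
$plain  = $cred.GetNetworkCredential().Password
if (-not (Test-SecureStorePassPhrase $plain)) {
    throw 'Pass phrase must be 8+ characters with 3 of the 4 character classes.'
}

# The Secure Store service instance must be started on this server first.
$instance = Get-SPServiceInstance -Server $env:COMPUTERNAME |
    Where-Object { $_.TypeName -eq 'Secure Store Service' }
if (-not $instance -or $instance.Status -ne 'Online') {
    throw 'Start the Secure Store Service under Manage Service on Server, then rerun.'
}

# Dedicated application pool running as the account created for this service.
$pool = New-SPServiceApplicationPool -Name 'SecureStoreAppPool' `
    -Account (Get-SPManagedAccount $account)

$app = New-SPSecureStoreServiceApplication -Name $appName -ApplicationPool $pool `
    -DatabaseServer $dbServer -DatabaseName 'SecureStore_DB' `
    -AuditingEnabled:$true -AuditlogMaxSize 30 -Sharing:$false -PartitionMode:$false
$proxy = New-SPSecureStoreServiceApplicationProxy -Name "$appName Proxy" `
    -ServiceApplication $app -DefaultProxyGroup

# Generate the master key from the pass phrase, then refresh the application server key.
Update-SPSecureStoreMasterKey -ServiceApplicationProxy $proxy -Passphrase $plain
Update-SPSecureStoreApplicationServerKey -ServiceApplicationProxy $proxy -Passphrase $plain
Remove-Variable plain, cred   # drop the clear-text copy when done
```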

More info

The encryption key should be backed up because you may need to use it again in case you have to restore a backed up Secure Store database or if you add a new application server to the farm.

 