6.2 Split deployment

SIU references: SIU-206, SIU-207, SIU-208, SIU-209, SIU-210, SIU-211, SIU-212, SIU-213, SIU-214, SIU-215.

To implement a split deployment, where the MyID application, web, and database components are installed on different physical machines, you must follow a strict implementation procedure. This ensures that the various servers are created in the correct order. This section gives an overview of that order.

Make sure that the time and date are synchronized between the servers.

Note: Make sure you have DTC set up to allow the servers to communicate with each other. See section 4.3.2, MSDTC security configuration.

  1. Create the MyID database.

    1. Run the MyID installer either locally on the database server, or remotely on the MyID application server for a remote install. If you are installing remotely, you can install the database server and application server at the same time.

      Important: If you run the MyID installer on the application server to create the database at the same time as you install the application server components, you must carry out any further modifications, updates, or upgrades to the database from this same server.

    2. Select the Database Server option in the Select MyID Server Roles and Features dialog.
  2. Create the MyID application server.

    Use the Server Manager to make sure that the server is set up to have the Application Server role. You do not need the Web Server (IIS) Support role.

    Run the MyID installer on the application server and select only the Application Server option in the Select MyID Server Roles and Features dialog.

    Note: It can be helpful to install both the application server and web server on the same machine initially; this allows you to verify that the installation is working correctly. Once you have this system set up and working, you can install the web server onto a separate machine and transfer the COM proxies to split the web and application servers onto separate physical machines.

  3. Run GenMaster to generate a master key for the database and a startup user.

    This application runs automatically during the MyID server installation and is used to generate your Master Keys in the registry or in your HSM, as well as to create a startup user that allows you to bootstrap the system. See section 6.5, Using GenMaster.

  4. Transfer COM proxies to allow communication between the web server and the application server.

    The COM proxies also allow communication between the web services and the application server.

    Before you install the web server, you must export the COM proxies from the application server to the web server. To do this, you must run the .msi files in the following folder on the application server:

    C:\Program Files\Intercede\MyID\Components\Export

    To run the COM proxy installers, either:

    • From the MyID web server, browse to a share on the MyID application server and run the .msi installers directly. For example, browse to:

      \\<app>\C$\Program Files\Intercede\MyID\Components\Export

      where <app> is the name of your MyID application server. Run the .msi files directly.

      Note: You must add the application server to the list of Trusted Sites on the web server.

    or:

    • Copy the .msi files to the MyID web server and run the installers from there.
  5. Create the web server.

    Run the MyID installer on the web server and select the Web Server and Web Services Server options in the Select MyID Server Roles and Features dialog.

    Select any or all of the optional MyID services features that you want to use.

  6. Open MyID Desktop.
  7. Log on to MyID with the startup user.

Note: This procedure assumes that you want to keep the MyID website and the MyID web services on the same physical server. If you want to use separate servers for the website and the web services, see the Setting up the MyID web services on a standalone server section in the Web Service Architecture guide for details of the necessary additional configuration.
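
For the copy-and-run option in step 4, the following PowerShell script is an added example, not part of the MyID documentation or product. It stages the COM proxy installers on the web server, confirms that each copy matches the file on the application server, and runs it with a log. The parameter names, the staging folder, and the log file names are assumptions; only the Export path comes from step 4.

```powershell
# Added example: run on the MyID web server from an elevated PowerShell session.
# $AppServer, $LocalDir and the log names are assumptions; the Export path is from step 4.
param(
    [Parameter(Mandatory)] [string] $AppServer,        # name of the MyID application server
    [string] $LocalDir = 'C:\Temp\MyIDComProxies'      # hypothetical staging folder
)
$ErrorActionPreference = 'Stop'
$source = "\\$AppServer\C`$\Program Files\Intercede\MyID\Components\Export"

New-Item -ItemType Directory -Path $LocalDir -Force | Out-Null
$packages = Get-ChildItem -LiteralPath $source -Filter '*.msi' -File
if (-not $packages) { throw "No .msi files found in $source" }

foreach ($pkg in $packages) {
    $local = Join-Path $LocalDir $pkg.Name
    Copy-Item -LiteralPath $pkg.FullName -Destination $local -Force

    # Confirm the staged copy is byte-identical to the file on the application server.
    $srcHash = (Get-FileHash -LiteralPath $pkg.FullName -Algorithm SHA256).Hash
    $dstHash = (Get-FileHash -LiteralPath $local -Algorithm SHA256).Hash
    if ($srcHash -ne $dstHash) { throw "Hash mismatch after copy: $($pkg.Name)" }

    # Run the installer with its normal UI and keep a verbose log next to the package.
    $log = "$local.log"
    $proc = Start-Process -FilePath 'msiexec.exe' -Wait -PassThru `
        -ArgumentList "/i `"$local`" /norestart /l*v `"$log`""

    # 0 = success, 3010 = success but a restart is required.
    if ($proc.ExitCode -notin 0, 3010) {
        throw "$($pkg.Name) failed with exit code $($proc.ExitCode); see $log"
    }
    Write-Output "$($pkg.Name) installed (exit $($proc.ExitCode), SHA256 $srcHash)"
}
```

Because the installers run from a local folder, this route does not depend on the Trusted Sites entry that the run-from-share option requires.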