This pattern is appropriate for larger environments where the need to scale out is required.
Securing the environment for the self-service portal involves the following tasks:
Understanding and planning the default and custom user roles that are defined in the self-service portal.
Planning and preparing the service accounts.
Understanding the ports and protocols required for establishing communication channels between various self-service portal components.
Hardening the Web server that will run the VMMSSP website component.
Accounts and Groups for the SSP User Roles The self-service portal provides four default user roles; you can also create
custom user roles. The self-service portal uses Windows authentication, so you can populate these user roles with Active Directory user accounts and security groups. Plan how you will map security groups to the user roles. In particular, identify the security groups and user accounts that you will add to the DCIT Admin built-in user role. Members of this role are super-administrators; they can perform the entire set of tasks that VMMSSP website exposes. You can add