Plan for ConfigMgr integration
Whether your ConfigMgr hierarchy includes a CAS with multiple child primary site servers, or a single, standalone primary site server, Adaptiva OneSite provides integration options during and after installation. Adaptiva recommends installing Adaptiva Server on a Primary Site Server or on a server within close network proximity of the Primary Site Server. The server installation location varies based on how your organization has designed the ConfigMgr environment.
ConfigMgr Integration Best Practices
Use the following best practices when preparing to install the Adaptiva Server with your ConfigMgr hierarchy:
Adequate disk space is available for Adaptiva and to store Adaptiva content.
If the Adaptiva Server is not co-located with the Adaptiva Server ConfigMgr Site Server, you must grant the Adaptiva Server computer system account for the Adaptiva Server the necessary permissions.
Use the NTLM V2 Authentication protocol when the ConfigMgr and Adaptiva databases are hosted on the same SQL Server. Or, if these databases are hosted on separate SQL Servers or need additional security, use Kerberos Authentication.
ConfigMgr Integration Options
Based on the ConfigMgr hierarchy at your site, decide which of the Adaptiva Server installation locations works best for your organization. The placement of the Adaptiva Server services may vary based on the design and configuration of the ConfigMgr environment. Review the following integration options when choosing the installation location for the Adaptiva Server:
Where can I install the Adaptiva Server?
Adaptiva Server on the Primary Site Server
Adaptiva Server on the ConfigMgr CAS only
Adaptiva Server on the ConfigMgr CAS and each child Primary Site Server
Adaptiva Server on a stand-alone server
Where can I host the Adaptiva database?
Adaptiva database on the Adaptiva Server
Adaptiva database on the same SQL Server as the ConfigMgr database
Adaptiva database on a dedicated SQL Server
Adaptiva Server on the Primary Site Server
Integrating Adaptiva OneSite and a single ConfigMgr Primary Site is the simplest configuration. In this scenario, the Adaptiva Server is installed on the same server that hosts the ConfigMgr Primary Site Server and the SQL database.
Adaptiva Server on the ConfigMgr CAS only
In this configuration, the Adaptiva Server is only installed on the CAS Site Server and not the Primary Site servers. ConfigMgr clients report to their Primary sites and Adaptiva Clients on these devices report to the Adaptiva Server on the CAS. All content and deployments must be sourced at the CAS level to function properly. Adaptiva will not detect any content or deployments originating from the Primary Site servers.
Note
The Adaptiva OneSite Policy Bandwidth Management feature cannot detect any applicable policy changes when the Adaptiva Server is installed on the CAS only.
Adaptiva Server on the ConfigMgr CAS and each child Primary Site Server
In this scenario, the Adaptiva Server is installed on the CAS and each Primary site server. Installing Adaptiva on the CAS provides visibility into policies and published content originating on the CAS. Installing Adaptiva on each Primary Site Server provides visibility for content published on the Primary as well as the ability to notify clients of policy changes. This configuration is necessary when sourcing content or deployments from any of the Primary Site servers.
Depending on how your company uses Adaptiva, the administrative overhead for this configuration may be higher than other options, because there is no hierarchy in the OneSite Platform.
Adaptiva Server Separate from the ConfigMgr
Another option is to install Adaptiva OneSite separately from the ConfigMgr Site server with SQL Server. This option is often used when there is a security requirement to isolate applications. For example, when integrating the Adaptiva Server with ConfigMgr High Availability.
Carefully consider the placement of your database. For instance, if the SQL Server is separate, you must set up the SPNs, Kerberos, and Linked servers. See Database Considerations.
Additional Database Considerations - Linked Servers
Because the Adaptiva Server uses a separate database, a link between the ConfigMgr database and the Adaptiva database must be created to enable cross-database reporting. The Adaptiva Server setup creates the necessary links in only one of the two scenarios below.
Adaptiva and ConfigMgr databases Share Same SQL Server but use Separate Instances
The Adaptiva Client setup creates two links, one in each instance linking to the other instance. The links are named using the FQDN of the SQL Server system hosting the default instance or the instance name for a named instance.
For example, if the FQDN of the server is SQL-123.MyOrg.MyDomain.com, and the default instance is used, then the link in the other instance is named SQL-123.MyOrg.MyDomain.com. If the database is in an instance named Instance1 on the SQL-123 server, then the link in the other instance is named SQL-123.MyOrg.MyDomain.com\Instance1.
Adaptiva and ConfigMgr databases Hosted by Separate SQL Servers
Before installing the Adaptiva Server, you must manually create links in each instance of SQL Server. The linked server name on Server A must be the FQDN (including the instance name, if used) of the other SQL Server. During setup, the server checks for the existence of the link and verifies the appropriate permissions to ensure a successful installation. For additional information, see Create linked servers (SQL Server Database Engine) (Microsoft).
ConfigMgr Security Settings
The Adaptiva Server requires the necessary permissions, including Site System, Content Library, Inboxes, and SQL Server, to communicate with the ConfigMgr server. No changes are required when installing the Adaptiva Server on the ConfigMgr server, and the Local System account is used.
Account Options
When installing the Adaptiva Server, you have the following account options to access ConfigMgr:
Grant the Adaptiva Server access to ConfigMgr with its system account (default).
Grant the Adaptiva Server access to ConfigMgr with a domain account.
It is not recommended to grant any accounts or groups the Full Administrator role. See the following minimum permissions:
Download and import the custom Security role from the following location:
https://adaptiva.com/hubfs/Docs/Adaptiva%20Administrator.xmlTip
You can also create a custom Security Role named Adaptiva Administrator based on the Read-Only Analyst Built-in role and modify with the permissions found in the table below.
Add the Administrative User that was chosen to be used.
Add the Administrative User to the Adaptiva Administrator role.
If using custom Security Scopes, select all instances of the objects that are related to the assigned security roles.
Add the chosen account to the Local Administrators group on the Site Server, any Server hosting the SMS Provider role and the server hosting the ConfigMgr Content Library.
ConfigMgr Database Account Permissions
When installing the Adaptiva Server, you have the account options below to access ConfigMgr database on the SQL Server.
Installation Account
The account performing the installation on the Adaptiva Server must be granted the sysadmin role on the SQL Server where the ConfigMgr database is hosted or db_owner on the ConfigMgr database. These permissions can be reduced after installation. See the Adaptiva OneSite Platform Installation User Guide for more information.
Database Access Account
The Adaptiva Server installation defaults to using the Local System account. You can change this to a local account or a domain account. A SQL account could also be used. When you integrate with ConfigMgr, you must grant the selected account the sysadmin role on the SQL Server where the ConfigMgr database is hosted or db_owner on the ConfigMgr database. These permissions can be reduced after installation. See the Adaptiva OneSite Platform Installation User Guide for more information.
Other Account Permissions
Reporting Services Point
The Installation will create SQL Server Reporting Services (SSRS) reports on the ConfigMgr Reporting Server if it is already configured. The ConfigMgr Reporting Services Point Account must be granted db_datareader to the Adaptiva database so that reports can be executed.
Child Site ConfigMgr Database
When using PXE, the service account that the CAS SQL database server uses requires access to the child Primary Site databases.
ConfigMgr Database Security User Mapping minimum permissions (after installation):
db_datareaderdb_datawriterdb_executer
File Systems
The Adaptiva Server service will require access to the ConfigMgr Content Library and Inboxes defined by the ConfigMgr Site Servers. Add the chosen account to the Local Administrators group on the respective ConfigMgr Site Server.
Account Permission Details
The table below lists the permissions required for any service account running the Adaptiva Server service. Follow the instructions to make these changes in SQL Management Studio.
ConfigMgr Site Server
Adaptiva Server System account or Optional Service account
Local Administrators group
SQL Server hosting ConfigMgr database
Installation account or Optional Service account
During installation, assign either Sysadmin or db_owner to the installation account for the ConfigMgr database.
ConfigMgr Database Security User Mapping (optional service account) minimum permissions (after installation):
db_datareader
db_datawriter
db_ddladmin
db_executer
SQL Server hosting Adaptivadatabase
ConfigMgr Reporting Services Point account
Adaptiva database Security User Mapping:
db_datareader
In a CAS SQL Server hosting a child Primary database
Adaptiva Server System account or Optional Service account
When using PXE, the service account that the CAS SQL database server uses requires access to the child Primary Site databases.
ConfigMgr Database Security User Mapping minimum permissions (after installation):
db_datareader
db_datawriter
db_executer
ConfigMgr Security
Adaptiva Server System account or Optional Service account
Adaptiva recommends granting the following minimum permissions: * Import the attached Security role or create a Custom Security role with the name AdaptivaAdministrator. This name is based on the default Read-Only Analyst role.For more information, see Configure role-based administration for Configuration Manager (Microsoft). You can also use the Adaptiva Administrator.xml file to upload the permissions. * Add the following permissions: - Application: Create, Delete, Modify, Modify Report - Boot Image Package: Create, Delete, Modify - Collection: Create, Delete, Delete Resource, Modify, Modify Collection Setting, Modify Resource - Driver Package: Create, Delete, Modify - Operating System Image: Create, Delete, Modify - Operating System Upgrade Package: Create, Delete, Modify - Package: Create, Delete, Modify, Modify Report - Query: Create, Delete, Modify - Site: Modify, Modify Report - Software Updates: Modify Report - Status Messages: Create, Delete, Modify Report - Task Sequence Package: Modify Report
Inboxes (SMS_ share location)
Adaptiva Server System account or Optional Service account
If this account is not in the Local Administrators group, grant Full Control to the following path:
\\<ConfigMgrSiteServer>\SMS_<sitecode>\inboxes
Content Library
Adaptiva Server System account or Optional Service account
If this account is not in the Local Administrators group, grant read-only permissions to the Content Library.
The db_executer role is created in each database using the following SQL command:
CREATE ROLE db_executer
GRANT EXECUTE TO db_executer
Record the Integration Details
When integrating the Adaptiva Server with an existing ConfigMgr Site, you must provide the necessary details to successfully connect the ConfigMgr Site Server during the Adaptiva Server installation. This integration also requires access to the SMS Provider, ConfigMgr database, Site Server inboxes, and the Content Library file system hosted by the ConfigMgr Site Server.
The Adaptiva Server installation may require configuration details such as the following:
Collect the ConfigMgr Site Server FQDN.
Collect the ConfigMgr three-character site code.
Account chosen with access to the ConfigMgr Site Server components when not using Local System username and password. Domain name should be entered as Netbios name, not FQDN.
Collect the ConfigMgr SQL Server FQDN.
Collect the ConfigMgr Database Name.
Instance Name: The default or
AdaptivaSQLfor SQL Server Express Edition.SQL Server Port: Defaults to 1433.
Encryption status of the SQL database
Account chosen that can access the ConfigMgr Database when not using Local System username and password. Domain name must be entered as Netbios name, not FQDN.
Last updated
Was this helpful?