Swimage Infrastructure



Required Components


Active Directory


AD Groups

Swimage requires three Active Directory groups. These groups can be named anything based on your own naming conventions.

Default Group Name

Group Description

Group Usage

SwimageAdmins

Swimage Administrators

Members of this group have full access to Swimage

SwimageUsers

Swimage Users

Members of this group can initiate and manage deployments

SwimageAuthenticatedUsers

Swimage Authentication

Members of this group can generate reports and access historical deployment data



AD Users

Swimage requires four Active Directory accounts. These accounts can be named anything based on your own naming conventions. The same ID can be used for multiple roles; however, they are typically separate accounts in companies with more strict security guidelines.

Default User Name

Account Description

Account Usage

Member of / rights

SwimageService

Swimage Service Account

Swimage server application pool and Swimage task processor

SwimageAdmins

Local Administrators on Swimage server

SwimageAccess

Swimage Access Account

Client connection account during deployments

SwimageAdmins

SwimageJoin

Swimage Join Domain Account

Joins computers to the domain

Delegated privilege to the OU to join or move from.

SwimageSync

Swimage ESD Access Account

Access to the ESD for inventory and deployment scheduling.  Also used for e-mail notification.

SwimageUsers

Rights to ESD (SCCM, Ivanti, etc.)



Swimage Server


The configuration specifications assume that the Swimage servers in question will be dedicated and not dual-tasked with other functions. Adding additional workload to these servers may require greater specifications than those stated below to support.

Drive segmentation is not as critical in a virtual server configuration, but mirroring this best practice will make it easier for troubleshooting should any issues arise.

Component

Requirement

Operating System

Microsoft Server 2012 R2

Processors

8 cores

RAM

16 GB

Disk Configuration (Number)

2 Drives or Partitions

 

C: (Min Recommended 200 GB)

Space for Operating System, IIS, and SharePoint

 

D: (Min Recommended 500 GB)

Space for Swimage (System), Images, Drivers, Applications, and Configuration files. This will scale with the number of images that you support.



SQL

The databases can be on a shared SQL server as long as the SwimageService account is given the appropriate rights as listed in the table below.

If you are dedicating a SQL server to Swimage with its own instance, you can simply create the instance with default settings and grant the SwimageService account SA privilege to the instance. Swimage will create the required databases with the correct settings and permissions automatically.


SQL Instance

Component

Requirement

SQL Version

Microsoft 64-bit SQL Server 2012 or 2014

(SQL 2016 is not supported)

Instance Settings

“Maximum Degree of Parallelism=1”

 

SA: SwimageService (Temporarily for install only)


SQL Database

The databases listed do not need to be created in advance as long as the SwimageService account has SQL instance rights. Instance rights can be removed once the databases are installed. DB rights for SwimageService however, must remain as DB Owner.


Database Name

Description

Size

Configuration

SWIMAGE-FARM-[datestamp]

Swimage-Farm

100 MB

DB Owner: SwimageService

 

 

 

LATIN1_General_CI_AS_KS_WS collation sequence

SWIMAGE-[datestamp]

Swimage Content DB

10 GB

DB Owner: SwimageService

 

 

 

LATIN1_General_CI_AS_KS_WS collation sequence

Master

 

 

Read/Write: SwimageService

 

 

Optional Components


SCCM


Swimage uses the Server Access account to connect to SCCM to read and manage objects it creates. The following class and instance permissions should be configured in SCCM for the Server Access account. Permissions should be configured using the ‘Manage ConfigMgr Users’ action in the ConfigMgr Console so that the account is added to the ‘SMS Admins’ local group on the SCCM server.


Additionally:

• The Server Access account must be manually added to the ‘Distributed COM Users’ group on the SCCM server so it can access DCOM remotely.

• If Swimage is on the same computer as an SCCM Management Point, the Server Access Account must be added to the local Administrators group.

Class

Instance

Permissions

Advertisement

All Instances

Read, Modify, Delete, Create, Manage Folders

Collection

All Instances

Read, Modify, Delete, Advertise, Create, Read Resources

Site

All Instances

Read

Package

All Instances

Read, Modify, Delete, Distribute, Create, Manage Folders

Status Message

All Instances

Read

Configuration Item

All Instances

Read

Deployment

All Instances

Read

Deployment Package

All Instances

Read

Deployment Template

All Instances

Read


Return to Swimage Training