Configuring Security in a Multi-Machine Environment

In a multi-machine environment, a region can operate across multiple systems. For example, in a cluster environment, network load balancing uses SEPs running on more than one system.

Users typically sign on once during a session. The event monitor on the signed-on system accesses the user's credentials (username and password) and generates user impersonation tokens as needed.

In a multi-machine environment, SEPs can run on machines other than the signed-on system. These SEPs do not have access to the user's credentials. In these environments, there are additional considerations for user impersonation.

Enterprise Server for .NET provides two mechanisms to support this architecture. Both use the Server EE for .NET monitor service (seemonitor.exe) to obtain user tokens for SEPs. In a scale-out environment with user impersonation enabled, you can use one of the following mechanisms:

You configure the token creation mode in machine.config: