- 8 minutes to read

Prerequisites for the Nodinite Install and Update Tool

This page describes the prerequisites for successfully installing and running the Nodinite Install and Update Tool.

The Nodinite Install and Update Tool has two components that need to be installed:

  1. Install and Update Tool Web Interface hosted within IIS
  2. Update Service; a Windows Service.

Usually, these two components are installed on the same server. The Windows Installer (MSI) allows you to select which components to install during execution, more about that can be further explored in the Installing and Configuring - Install and Update Tool page.

Scenario 1: Simple setup
In the scenario below the Install and Update Tool and the Update Service are installed on the same Windows Server.

graph LR subgraph "Nodinite Web Server" roNI(fal:fa-rocket Install and Update Tool
Web Interface) -->|REST API| roUS(fal:fa-cog Update Service
Windows Service) end subgraph "SQL Server" roCDB(fal:fa-database Configuration Database) roUS --> roCDB end
Verified Topic
Software Requirements
IIS Default Web Site
Linked Server
Windows rights
Database rights
Firewall

Use the checklist above to verify that you have performed all steps required for the Nodinite Install and Update tool

Software Requirements

Product
Windows Windows 2019
Windows 2016
Windows 2012 R2
Windows 2012
Windows 2008 R2 is not recommended and requires additional administration and maintenance
SQL Server Binaries 1. DACFramework.msi
2. SqlDom.msi
3. SQLSysClrTypes.msi
Download SQL Server DACPAC binaries
Optional SQL SSMS Latest SSMS

Nodinite requires DACPAC SQL Binaries used for installing and updating databases. You can (and should) install a higher version (latest) compared to your SQL Server since Microsoft provides backwards compatibility. The other way around is not supported. There is no licensing cost associated with installing and running the Microsoft DACPAC binaries.

Using the latest SSMS will ensure you have a valid version of the required SQL Server binaries and it's only one installer (although larger)

If you experience issues installing or updating Nodinite databases than almost always the problems is with incompatible client versions, update with SSMS above

IIS Default Web Site

Your IIS must be properly configured with the following Windows Roles and Features

Note: The Default Web Site must exist within your IIS(!) The installer will fail otherwise and there is no supported workaround. Nodinite Core Services may be installed on other Web Sites (however not recommended)

Prerequisites for IIS Web Server

Feature Name Comment
Common HTTP Features HTTP Redirection
Static Content
Performance Features Dynamic Content Compression
Static Content Compression
Security Features Basic Authentication
Windows Authentication
Application Development .Net Extensibility 4.x
ASP.NET 4.x
ISAPI Extensions
ISAPI Filters
WCF Features .Net Framework 4.X WCF Requirement for the Log API

Note: Your client browser must support HTML 5, review the Client Browser prerequisites for additional details

Microsoft Distributed Transaction Coordinator (DTC)

The Update Service is involved in SQL Server related operations and Nodinite uses the Windows Service Microsoft Distributed Transaction Coordinator (DTC) that is responsible for coordinating transactions that span multiple resource managers. We have written a dedicated tutorial for Nodinite with our best practices for how to install and configure the DTC Windows Service.

You must configure the DTC as documented otherwise Nodinite Install and Update Tool will not be able to function

What Windows rights does the Install and Update Tool require?

The Install and Update tool has two components which if installed on different Windows Servers can be run with different and least privileges according to details outlined in this paragraph.

1. Web-based User Interface

When you install Nodinite Install and Update Tool running the Windows Installer (.MSI) a is assigned an IIS App Pool. This IIS App Pool is set to run with ASP.NET Impersonation and all consumers of the Install and Update Tool will be impersonated to this dedicated Windows Service account. For anyone to use the Install and Update Tool access rights must be assigned.

The Install and Update Tool uses ASP.NET Impersonation which is a feature built-into IIS and further call to APIs hosted by the Update Service are being performed as this identity.

If the impersonated service account for IIS App Pool is not a local administrator then the Windows Domain account must be added to the local 'IIS_IUSRS' group. The account used must also be assigned certain SQL Rights, see next paragraph.

2. Update Service

The Update Service is responsible for replacing files on the IIS, installing Windows Services which includes potentially remote start and stop commands. In a Windows Server environment this is a highly privileged function that only members of the local Administrators group are allowed to perform.

Note: The account must have Log on as Service Right AND be a local admin

Note: Regardless where you install the Update Service, the account for the Update Service must be a local administrator on all Nodinite App- and Web-servers

Note: Make sure to add the account running the Update Service as a registered user within the Nodinite Web Client

What SQL Rights does the Install and Update Tool require?

The Update Service is using the configured Windows Service Account during install and update operations and must have the following SQL rights assigned:

SQL Instances

Assign the following Server Roles on all SQL Server Instances hosting any of the following Nodinite databases:

  • Configuration Database

  • Log Databases

  • public

  • dbcreator

  • diskadmin

  • securityadmin (means the account has the right to become SYSADMIN) or

    • SYSADMIN - this right is the only one required if accepted by your internal policies and then you can ignore the previous roles.

Configuration Database

On the SQL Server instance with Configuration Database the account must have the following User Mapping (assigned by the installer tool during installation)

  • db_datareader
  • db_datawriter
  • db_ddladmin

Logging Databases

On the SQL Server instances with Log Databases the account must have the following User Mapping (assigned by the installer tool during installation)

  • db_datareader
  • db_datawriter
  • db_ddladmin

Note 1: db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially true for remote servers (linked servers). Read more here. Contact our support if you have any questions about this.

Note 2: If you are using SQL Server Always On please review additional steps required from the About SQL Server Always On Availability Groups user guide

Make sure Kerberos is working from Nodinite Server and BizTalk SQL Databases:

Note: This is a very important test step and can be performed before you have installed anything else but the SQL MMC (SSMS) tool

The following SQL Query should return ‘Kerberos‘ running the SQL MMC from Nodinite Server against remote SQL Server instance

SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@spid;

If you have SQL Server installed locally then NTLM will be used instead of Kerberos, which is a simpler scenario and is supported by Nodinite

What Firewall settings are required for the Install and Update Tool?

The Install and Update Tool requires both inbound and outbound ports to be opened. Since Nodinite is highly configurable, the actual ports in use may differ from what's being exampled here.

The Install and Update Tool requires both inbound and outbound ports to be open. Depending on your environment, different ports may be used. On a high level the following services must be allowed:

  1. TCP Ports for REST
    • Inbound communication from consumers typically HTTP and HTTPS
    • Outbound communication with Update Service(s) Nodinite performs internal alive checks
  2. Configuration Database - ports used to communicate with SQL Server

1. TCP Ports for REST

Port Name Inbound Outbound TCP UDP Comment
80 HTTP default for HTTP)
443 HTTPS default for HTTPS)
  • 1-65535 - It all depends on what port you have assigned using 'Edit Bindings' for the Web Site hosting the Install and Update Tool (inbound and outbound see next bullet)

If you're going to host Nodinite on non-default ports, Please contact our support for guidance at support@nodinite.com

  • 8000 HTTP with X API Key (outbound)
    • Update Service
graph LR subgraph "Nodinite Web Server" roNI(fal:fa-rocket Install and Update Tool) -->|8000| roUS(fal:fa-cog Update Service) roWebClient(fal:fa-globe Client Browser) -->|80,443,...| roNI end

2. TCP Ports between Update Service and SQL Server

The Install and Update Tool accesses the databases using the Impersonated Windows Account. You must ensure that TCP ports used are allowed by your firewalls, depending on location of the SQL database the actual ports used may differ. The following Windows Services are involved:

Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide
88 Kerberos Review 'Microsoft Kerberos' user guide
135 DTC/RPC This port is shared between many Windows Services
1433/... SQL Server instance ports (multiple) Depends on policies and settings on target environment. Please review the How to configure RPC dynamic port allocation to work with firewalls user guide
graph LR subgraph "Nodinite App Server" roUS(fal:fa-cog Update Service) end subgraph "SQL Server" roCDB(fal:fa-database Configuration Database) roUS -->| SQL, DTC, DNS, RPC | roCDB end

Linked Server

Nodinite uses the SQL Server concept of Linked Servers and the Install and Update Tool eventually requires these to be properly configured BEFORE installing Nodinite.

Review and follow the steps further detailed in the linked server prerequisites section for the Configuration Database.

Frequently asked questions

Common problems and FAQ for the Install and Update Tool can be found in the troubleshooting page.

Can I secure the Install and Update Tool?

Yes, the Install and Update Tool supports the usage of SSL Certificates. Simply add your certificate to IIS and configure the Install and Update Tool to only allow https.


Next Step

Install the Nodinite Install and Update Tool