Prerequisites for the Nodinite Install and Update Tool
This page describes the prerequisites for successfully installing and running the Nodinite Install and Update Tool.
The Nodinite Install and Update Tool has two components that need to be installed:
- Install and Update Tool Web Interface hosted within IIS
- Update Service; a Windows Service.
Usually, these two components are installed on the same server. The Windows Installer (MSI) allows you to select which components to install during execution, more about that can be further explored in the Installing and Configuring - Install and Update Tool page.
Scenario 1: Simple setup
In the scenario below the Install and Update Tool and the Update Service are installed on the same Windows Server.
Web Interface) -->|REST API| roUS(fal:fa-cog Update Service
Windows Service) end subgraph "SQL Server" roCDB(fal:fa-database Configuration Database) roUS --> roCDB end
|IIS Default Web Site|
Use the checklist above to verify that you have performed all steps required for the Nodinite Install and Update tool
Windows 2012 R2
Windows 2008 R2 is not recommended and requires additional administration and maintenance
|SQL Server Binaries||1. DACFramework.msi
|Download SQL Server DACPAC binaries|
|Optional||SQL SSMS||Latest SSMS|
Nodinite requires DACPAC SQL Binaries used for installing and updating databases. You can (and should) install a higher version (latest) compared to your SQL Server since Microsoft provides backwards compatibility. The other way around is not supported. There is no licensing cost associated with installing and running the Microsoft DACPAC binaries.
Using the latest SSMS will ensure you have a valid version of the required SQL Server binaries and it's only one installer (although larger)
If you experience issues installing or updating Nodinite databases than almost always the problems is with incompatible client versions, update with SSMS above
Your IIS must be properly configured with the following Windows Roles and Features
Note: The Default Web Site must exist within your IIS(!) The installer will fail otherwise and there is no supported workaround. Nodinite Core Services may be installed on other Web Sites (however not recommended)
Prerequisites for IIS Web Server
|Common HTTP Features||HTTP Redirection|
|Performance Features||Dynamic Content Compression|
|Static Content Compression|
|Security Features||Basic Authentication|
|Application Development||.Net Extensibility 4.x|
|WCF Features||.Net Framework 4.X||WCF Requirement for the Log API|
Note: Your client browser must support HTML 5, review the Client Browser prerequisites for additional details
The Update Service is involved in SQL Server related operations and Nodinite uses the Windows Service Microsoft Distributed Transaction Coordinator (DTC) that is responsible for coordinating transactions that span multiple resource managers. We have written a dedicated tutorial for Nodinite with our best practices for how to install and configure the DTC Windows Service.
You must configure the DTC as documented otherwise Nodinite Install and Update Tool will not be able to function
The Install and Update tool has two components which if installed on different Windows Servers can be run with different and least privileges according to details outlined in this paragraph.
When you install Nodinite Install and Update Tool running the Windows Installer (.MSI) a is assigned an IIS App Pool. This IIS App Pool is set to run with ASP.NET Impersonation and all consumers of the Install and Update Tool will be impersonated to this dedicated Windows Service account. For anyone to use the Install and Update Tool access rights must be assigned.
If the impersonated service account for IIS App Pool is not a local administrator then the Windows Domain account must be added to the local 'IIS_IUSRS' group. The account used must also be assigned certain SQL Rights, see next paragraph.
The Update Service is responsible for replacing files on the IIS, installing Windows Services which includes potentially remote start and stop commands. In a Windows Server environment this is a highly privileged function that only members of the local Administrators group are allowed to perform.
Note: The account must have Log on as Service Right AND be a local admin
Note: Regardless where you install the Update Service, the account for the Update Service must be a local administrator on all Nodinite App- and Web-servers
The Update Service is using the configured Windows Service Account during install and update operations and must have the following SQL rights assigned:
Assign the following Server Roles on all SQL Server Instances hosting any of the following Nodinite databases:
securityadmin (means the account has the right to become SYSADMIN) or
- SYSADMIN - this right is the only one required if accepted by your internal policies and then you can ignore the previous roles.
On the SQL Server instance with Configuration Database the account must have the following User Mapping (assigned by the installer tool during installation)
On the SQL Server instances with Log Databases the account must have the following User Mapping (assigned by the installer tool during installation)
Note 1: db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially true for remote servers (linked servers). Read more here. Contact our support if you have any questions about this.
Note 2: If you are using SQL Server Always On please review additional steps required from the About SQL Server Always On Availability Groups user guide
Note: This is a very important test step and can be performed before you have installed anything else but the SQL MMC (SSMS) tool
The following SQL Query should return ‘Kerberos‘ running the SQL MMC from Nodinite Server against remote SQL Server instance
SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@spid;
If you have SQL Server installed locally then NTLM will be used instead of Kerberos, which is a simpler scenario and is supported by Nodinite
The Install and Update Tool requires both inbound and outbound ports to be opened. Since Nodinite is highly configurable, the actual ports in use may differ from what's being exampled here.
The Install and Update Tool requires both inbound and outbound ports to be open. Depending on your environment, different ports may be used. On a high level the following services must be allowed:
- TCP Ports for REST
- Inbound communication from consumers typically HTTP and HTTPS
- Outbound communication with Update Service(s) Nodinite performs internal alive checks
- Configuration Database - ports used to communicate with SQL Server
|80||HTTP||default for HTTP)|
|443||HTTPS||default for HTTPS)|
- 1-65535 - It all depends on what port you have assigned using 'Edit Bindings' for the Web Site hosting the Install and Update Tool (inbound and outbound see next bullet)
If you're going to host Nodinite on non-default ports, Please contact our support for guidance at email@example.com
- 8000 HTTP with X API Key (outbound)
- Update Service
The Install and Update Tool accesses the databases using the Impersonated Windows Account. You must ensure that TCP ports used are allowed by your firewalls, depending on location of the SQL database the actual ports used may differ. The following Windows Services are involved:
|53||DNS||The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the
|88||Kerberos||Review 'Microsoft Kerberos' user guide|
|135||DTC/RPC||This port is shared between many Windows Services|
|1433/...||SQL Server instance ports (multiple)||Depends on policies and settings on target environment. Please review the How to configure RPC dynamic port allocation to work with firewalls user guide|
Nodinite uses the SQL Server concept of Linked Servers and the Install and Update Tool eventually requires these to be properly configured BEFORE installing Nodinite.