Skip to main content



The following is a list of hardware and software requirements that have to be met by an infrastructure to guarantee the seamless operation of iCL Portal and also lists some architectural considerations. In general, the system consists of a web server that hosts all application and presentation logic (JavaScript, HTML, etc.) which this document refers to as web front-end. The second part, the back-end, is a server that hosts the database. For report generation, the system relies on dox42 Server which is tethered using the iCL dox42 Service.

1 Single server setup

The following diagram shows an overview of all components of the system and their dependencies along with the required ports and protocols:

As you can see, the web front-end is the only part of the system that is directly accessed by iCL Filler apps, even for generating reports.

In general, all of the systems communicate via HTTP and HTTPS. Only the access to the file/blob storage of iCL Portal is using the operating system configured SMB protocol and the connection to the Microsoft SQL Server Database is usually using TCP port 1433. This, however can be specified in the connectionstring. (see 2.3.2)

Optional: In case you will host multiple tenants with each tenant having its own database, the Distributed Transaction Coordinator (DTC) service will be used. To configure this, you can follow the instructions in Configuring Microsoft Distributed Transactions Coordinator.

Detailed data transmission information

In case you are interested in a more detailed overview of what data is transmitted and when, please refer to Data transmission

2 Multi server setup (scaleout)

Depending on the load of your system, it may be necessary to host iCL Portal on more than one server. In order for this to work, you will need to setup two additional components: A load balancer and a machine that acts as distributed cache by running Redis.

The two web front-ends running iCL Portal will be configured the same way as in a single server scenario. However, they must share the same file system using a SMB network share and connect to a central redis cache.
Detailed data transmission information

In case you are interested in a more detailed overview of what data is transmitted and when, please refer to Data transmission

3 Hardware requirements

In a typical iCL Portal installation, the web frontend and the database are hosted on two distinct physical machines. Therefore they are listed separately here. Note that the requirements are derived from the requirements of the currently targeted minimum versions of the Windows Server 2012 operating system and the Microsoft SQL Server 2012 database server .

Minimum requirements of web front-end

  • 2 GB disk storage (200 GB recommended)
  • 4 GB RAM (8 GB recommended)
  • 1,4-GHz processor with 64 bit (2-GHz multi-core processor with 64 bit recommended)

Minimum requirements of database server/back-end

  • 50 GB disk storage, (100 GB SSD recommended)
  • 4 GB RAM (1 GB RAM for SQL Server Express edition, 4GB+ recommended)
  • 1,4-GHz processor with 64 bit (2-GHz multi-core processor with 64 bit recommended)

4 Software requirements

Minimum requirements of web front-end

  • Microsoft Windows Server 2012 x64 Standard Edition

  • Internet Information Services 8 or higher

  • Microsoft .NET Framework 4.6.2 or higher

  • Microsoft ASP.NET 4.5 or higher (including the WebSocket Protocol)

    You can run the following commands in powershell to enable all required windows features

     Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServerRole
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServer
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-CommonHttpFeatures
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-Security
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-RequestFiltering
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-StaticContent
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-DefaultDocument
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-DirectoryBrowsing
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpErrors
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpRedirect
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-ApplicationDevelopment
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebSockets
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-ApplicationInit
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-NetFxExtensibility45
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-ISAPIExtensions
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-ISAPIFilter
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-ASPNET45
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-HealthAndDiagnostics
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpLogging
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-LoggingLibraries
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-RequestMonitor
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpTracing
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-BasicAuthentication
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-WindowsAuthentication
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-Performance
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpCompressionStatic
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServerManagementTools
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-ManagementConsole
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-IIS6ManagementCompatibility
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-Metabase
    Enable-WindowsOptionalFeature -online -FeatureName NetFx4Extended-ASPNET45
  • Windows Identity Foundation To enable this windows feature, open a command prompt on the server machine and run the following command: dism /online /Enable-Feature:Windows-Identity-Foundation

  • Download and install the Url-Rewrite module for IIS since this is used to automatically redirect any incoming HTTP requests to HTTPS

  • 7-Zip for extacting the iCL Portal installation package

  • Notepad++ for editing the XML based configuration files

Minimum requirements of database server/back-end

  • SQL Server 2008 R2 Express (SQL Server 2022 and newer recommended)

5 General considerations

When planning to setup your iCL Portal system, you must prepare a fully qualified domain name (FQDN) for the web front-end that is reachable both, from your company network and from your external network.

This is required so the iCL Filler apps on your users' mobile devices can access the portal with a single address. Otherwise your users would have to logout and login when switching between the networks. As the app can only keep the data of the currently logged-in user, all active inspections would get lost.

Also, if you ever change to scale-up the system, or do maintenance work, a FQDN allows you to do so transparently, without interrupting your users.

Additionally, you will need an SSL certificate (SHA2 256 bit at least as SHA1 has already been compromised in the past) for the web-frontend access via HTTPS. The certificate should be trusted by a third-party thrust authority, otherwise iCL Filler will prompt with a warning when the user tries to log-in to the iCL Portal.

SSL only

Running iCL Portal via HTTP is not supported, as your system might get compromised!

6 Application telemetry

Our utmost goal is to ensure that your systems run without issues and your users have a smooth experience. In order to be able to detect and analyze any problems concerning iCL Portal (slow queries, failing requests, recurring exceptions), iCL Portal periodically sends telemetry data to a service called Microsoft Application Insights.

For this to work, make sure that

  • Either all outgoing traffic on port 443 is allowed in your firewall settings

  • Or you allow outgoing connections to all IP addresses used by the Application Insights service. The list of IP addresses can be found at: Also make sure, that you add the user, which is used to run the application pool of iCL Portal, to the Performance Monitor Users group. In this example, it is the DefaultAppPool identity. (But it could be a domain user in your system)