Prerequisites
This page lists the hardware and software requirements that an infrastructure must meet to guarantee the seamless operation of iCL Portal, along with some architectural considerations.
In general, the system consists of a web server that hosts all application and presentation logic (JavaScript, HTML, etc.), which this document refers to as the web front-end. The second part, the back-end, is a server that hosts the database. For report generation, the system relies on dox42 Server, which is tethered using the iCL dox42 Service.
1 Single server setup
The following diagram shows an overview of all components of the system and their dependencies along with the required ports and protocols:
As you can see, the web front-end is the only part of the system that is directly accessed by iCL Filler apps, even for generating reports.
In general, all of the systems communicate via HTTP and HTTPS. Only access to the file/blob storage of iCL Portal uses the SMB protocol as configured in the operating system, and the connection to the Microsoft SQL Server database usually uses TCP port 1433. This, however, can be specified in the connection string (see 2.3.2).
Optional: In case you will host multiple tenants with each tenant having its own database, the Distributed Transaction Coordinator (DTC) service will be used. To configure this, you can follow the instructions in Configuring Microsoft Distributed Transactions Coordinator.
In case you are interested in a more detailed overview of what data is transmitted and when, please refer to Data transmission.
2 Multi server setup (scale-out)
Depending on the load of your system, it may be necessary to host iCL Portal on more than one server. In order for this to work, you will need to set up two additional components: a load balancer and a machine that acts as a distributed cache by running Redis.
The two web front-ends running iCL Portal will be configured the same way as in a single server scenario. However, they must share the same file system using an SMB network share and connect to a central Redis cache.
In case you are interested in a more detailed overview of what data is transmitted and when, please refer to Data transmission.
3 Hardware requirements
In a typical iCL Portal installation, the web front-end and the database are hosted on two distinct physical machines. Therefore, they are listed separately here. Note that the requirements are derived from the requirements of the currently targeted minimum versions of the Windows Server 2012 operating system and the Microsoft SQL Server 2012 database server.
Minimum requirements of web front-end
- 2 GB disk storage (200 GB recommended)
- 4 GB RAM (8 GB recommended)
- 1.4 GHz 64-bit processor (2 GHz multi-core 64-bit processor recommended)
Minimum requirements of database server/back-end
- 50 GB disk storage (100 GB SSD recommended)
- 4 GB RAM (1 GB RAM for SQL Server Express edition, 4 GB+ recommended)
- 1.4 GHz 64-bit processor (2 GHz multi-core 64-bit processor recommended)
4 Software requirements
Minimum requirements of web front-end
Microsoft Windows Server 2012 x64 Standard Edition
Internet Information Services 8 or higher
Microsoft .NET Framework 4.6.2 or higher
Microsoft ASP.NET 4.5 or higher (including the WebSocket Protocol)
You can run the following commands in PowerShell to enable all required Windows features:
Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServerRole
Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServer
Enable-WindowsOptionalFeature -Online -FeatureName IIS-CommonHttpFeatures
Enable-WindowsOptionalFeature -Online -FeatureName IIS-Security
Enable-WindowsOptionalFeature -Online -FeatureName IIS-RequestFiltering
Enable-WindowsOptionalFeature -Online -FeatureName IIS-StaticContent
Enable-WindowsOptionalFeature -Online -FeatureName IIS-DefaultDocument
Enable-WindowsOptionalFeature -Online -FeatureName IIS-DirectoryBrowsing
Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpErrors
Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpRedirect
Enable-WindowsOptionalFeature -Online -FeatureName IIS-ApplicationDevelopment
Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebSockets
Enable-WindowsOptionalFeature -Online -FeatureName IIS-ApplicationInit
Enable-WindowsOptionalFeature -Online -FeatureName IIS-NetFxExtensibility45
Enable-WindowsOptionalFeature -Online -FeatureName IIS-ISAPIExtensions
Enable-WindowsOptionalFeature -Online -FeatureName IIS-ISAPIFilter
Enable-WindowsOptionalFeature -Online -FeatureName IIS-ASPNET45
Enable-WindowsOptionalFeature -Online -FeatureName IIS-HealthAndDiagnostics
Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpLogging
Enable-WindowsOptionalFeature -Online -FeatureName IIS-LoggingLibraries
Enable-WindowsOptionalFeature -Online -FeatureName IIS-RequestMonitor
Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpTracing
Enable-WindowsOptionalFeature -Online -FeatureName IIS-BasicAuthentication
Enable-WindowsOptionalFeature -Online -FeatureName IIS-WindowsAuthentication
Enable-WindowsOptionalFeature -Online -FeatureName IIS-Performance
Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpCompressionStatic
Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServerManagementTools
Enable-WindowsOptionalFeature -Online -FeatureName IIS-ManagementConsole
Enable-WindowsOptionalFeature -Online -FeatureName IIS-IIS6ManagementCompatibility
Enable-WindowsOptionalFeature -Online -FeatureName IIS-Metabase
Enable-WindowsOptionalFeature -Online -FeatureName NetFx4Extended-ASPNET45
Windows Identity Foundation
To enable this Windows feature, open a command prompt on the server machine and run the following command:
dism /online /Enable-Feature /FeatureName:Windows-Identity-Foundation
Download and install the URL Rewrite module for IIS, since this is used to automatically redirect any incoming HTTP requests to HTTPS.
7-Zip for extracting the iCL Portal installation package
Notepad++ for editing the XML-based configuration files
Minimum requirements of database server/back-end
- SQL Server 2008 R2 Express (SQL Server 2022 and newer recommended)
5 General considerations
When planning to set up your iCL Portal system, you must prepare a fully qualified domain name (FQDN) for the web front-end that is reachable both from your company network and from your external network.
This is required so the iCL Filler apps on your users' mobile devices can access the portal with a single address. Otherwise your users would have to logout and login when switching between the networks. As the app can only keep the data of the currently logged-in user, all active inspections would get lost.
Also, if you ever decide to scale up the system or do maintenance work, an FQDN allows you to do so transparently, without interrupting your users.
Additionally, you will need an SSL certificate (SHA-2 with at least 256 bit, as SHA-1 has already been compromised in the past) for access to the web front-end via HTTPS. The certificate should be trusted by a third-party trust authority; otherwise iCL Filler will prompt with a warning when the user tries to log in to the iCL Portal.
Running iCL Portal via HTTP is not supported, as your system might get compromised!
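One way to check the certificate and HTTP-to-HTTPS redirect requirements above from a Windows machine (an added example, not part of the vendor documentation; the function name Get-PortalTlsFindings and the host name portal.example.com are assumptions). Trust is evaluated against the certificate store of the machine running the script, not that of the mobile devices running iCL Filler.

```powershell
# Added example, not vendor code. 'portal.example.com' is a placeholder FQDN.
function Get-PortalTlsFindings {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443
    )
    $findings = @()
    $state = @{ Errors = [System.Net.Security.SslPolicyErrors]::None }
    # Record the validation result but accept the certificate, so that an
    # untrusted or mismatching certificate can still be fetched and inspected.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]({
        param($source, $certificate, $chain, $policyErrors)
        $state.Errors = $policyErrors
        $true
    }.GetNewClosure())

    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $tcp.Close() }

    # Name mismatch, untrusted issuer, expiry: as judged by this machine's trust store.
    if ($state.Errors -ne [System.Net.Security.SslPolicyErrors]::None) {
        $findings += "Certificate validation errors: $($state.Errors)"
    }
    # The page requires SHA-2 with at least 256 bit; flag SHA-1 and older hashes.
    $algorithm = $cert.SignatureAlgorithm.FriendlyName
    if ($algorithm -match 'sha1|md5|md2') { $findings += "Weak signature algorithm: $algorithm" }

    # Plain HTTP must answer with a redirect to HTTPS (the URL Rewrite rule).
    $request = [System.Net.WebRequest]::Create("http://$HostName/")
    $request.AllowAutoRedirect = $false
    try {
        $response = $request.GetResponse()
        $code = [int]$response.StatusCode
        $location = $response.Headers['Location']
        $response.Close()
        if ($code -lt 300 -or $code -ge 400 -or $location -notlike 'https://*') {
            $findings += "HTTP answered with status $code and no redirect to HTTPS"
        }
    } catch {
        # Connection refused or an error status: nothing is served over HTTP.
    }
    return $findings
}
Get-PortalTlsFindings -HostName 'portal.example.com'
```

An empty result means none of the three checks raised a finding; run it once from inside the company network and once from outside, since the FQDN must be reachable from both.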
6 Application telemetry
Our utmost goal is to ensure that your systems run without issues and your users have a smooth experience. In order to be able to detect and analyze any problems concerning iCL Portal (slow queries, failing requests, recurring exceptions), iCL Portal periodically sends telemetry data to a service called Microsoft Application Insights.
For this to work, make sure that
- either all outgoing traffic on port 443 is allowed in your firewall settings,
- or you allow outgoing connections to all IP addresses used by the Application Insights service. The list of IP addresses can be found at: https://docs.microsoft.com/en-us/azure/application-insights/app-insights-ip-addresses#outgoing-ports
Also make sure that you add the user that runs the application pool of iCL Portal to the Performance Monitor Users group. In this example, it is the DefaultAppPool identity (but it could be a domain user in your system).