Product Documentation

System Requirements for Server Roles

Jun 05, 2015
Updated: 2012-11-12

The sections in this topic describe supported platforms, required software, and other information that will be used when you install and configure the core components (server roles) that comprise the Services Manager platform. The Services Manager server role installer (Setup Tool) handles many of the prerequisites, such as installing .NET Framework 4.0, enabling web server roles, and enabling MSMQ features. (The .NET software is also available in the Support folder of the Services Manager installation media.) See Installing and Configuring Roles and Locations for additional preparation information.

Active Directory and Exchange

This release of Services Manager supports Active Directory Domain Services on the following platforms:
  • Windows Server 2008 R2
  • Windows Server 2008
  • Windows Server 2003

At a minimum, the domain functional level must be Windows Server 2003.

Before the Services Manager platform can be deployed, the Active Directory schema must be extended to include the standard Exchange attributes. To do this, use one of the following methods:
  • Use the Schema Prep tool from the Microsoft Exchange installation media. Use this method if you do not plan to deploy Exchange and you do not intend to deploy the Exchange web service. In general, to deploy the Schema Prep tool, you execute the following command on the directory where the Exchange installation media resides:
    setup /p /on:OrganizationName
  • Deploy Exchange. Use this method if you plan on installing the Exchange web service in your Services Manager deployment. Extending the Active Directory schema is part of the Exchange deployment process.
The domain user account used to extend the Active Directory schema or install the Services Manager platform components must belong to the following groups:
Group Name Required for Services Manager platform installation Required for extending Active Directory schema
Domain Admins Yes Yes
Enterprise Schema No Yes
Schema Admins No Yes

If any server (including DNS) is not in the domain, the same user account should be set up as a local user on that server with the same password, as a member of the local Administrators group.

DNS Server

Services Manager uses DNS aliases to locate and reference the component servers during the platform install and configuration process, and during provisioning operations. To ensure successful deployment and operation of Services Manager, create the following CNAME records for each of these components. Point the CNAME records to each server's fully qualified domain name.
Platform component Alias
Database server CORTEXSQL
Provisioning server CORTEXPROVISIONING
Web server CORTEXWEB
Reporting Services CORTEXREPORTS

Database Server

Hardware configuration
  • Two or more server-class processors, 2.0 GHz or higher
  • Minimum 4 GB RAM recommended
  • Minimum 10 GB free disk space available for file growth
Operating system Windows Server 2008 R2 Standard, Enterprise, or Datacenter editions, with all recommended updates installed.
User Account Control (UAC) Disabled.
Database server Microsoft SQL Server 2008 R2, with all recommended updates installed.
Authentication Mixed mode (SQL and Windows Authentication)
SQL connection types Local and remote connections enabled.
Installation account Configure the account to be used during installation with the SysAdmin role. If you cannot do this in SQL, you can use an account with SysAdmin rights. You can remove this account after the installation finishes.
Firewall Allow inbound TCP connections through the database instance port. For a default SQL instance, this is port 1433.

When you install SQL Server, make note of the instance name and port. You will need this information when you configure the server for use with Services Manager.

During platform installation, the following databases are installed:
  • OLM - core database for customer and user information
  • OLMReports - stores legacy reporting data and some system settings
  • OLMReporting - stores reporting data
  • ExchangeLogs - stores Exchange information
The following SQL accounts are created for accessing the databases:
  • CortexProp
  • OLMUser
  • OLMReportsUser
  • OLMReportingUser
  • ExchangeLogsUser

Two SQL jobs are installed on the database server: Gather Daily Stats Data and Gather Monthly Stats Data.

SQL Reporting Services

Hardware configuration
  • Two or more server-class processors, 2.0 GHz or higher
  • Minimum 4 GB RAM recommended
  • Minimum 10 GB free disk space available for file growth
Operating system Windows Server 2008 R2 Standard, Enterprise, or Datacenter editions, with all recommended updates installed.
User Account Control (UAC) Disabled.
Database server Microsoft SQL Server 2008 R2, with all recommended updates installed.
Service account Set the SQL Reporting Services service account to Network Service.
SQL connection types Local and remote connections enabled.
Firewall Allow inbound TCP connections through the reporting port. The default port is 80.
Authentication Verify that the Report Server configuration file (C:Program FilesMicrosoft SQL ServerMSRS10.MSSQLSERVERReporting ServicesReportServerrsreportserver.config) contains the entry "<AuthenticationTypes><RSWindowsNTLM /> <RSWindowsNegotiate /> </AuthenticationTypes>".
Administrator account In Reporting Services, create a dedicated user with the System Administrator role; domain administrator rights are not required. You will need this user information when configuring Reporting in the Services Manager configuration tool.

Provisioning Server

Hardware configuration
  • Two or more server-class processors, 2.0 GHz or higher
  • Minimum 4 GB RAM recommended
  • Minimum 10 GB free disk space available for file growth
Operating system Windows Server 2008 R2 Standard, Enterprise, or Datacenter editions, with all recommended updates installed.
User Account Control (UAC) Disabled.
.NET Version .NET Framework 4.0 (Full) installed.
Firewall Allow inbound TCP connections through port 8095.
Windows Server features (installed by the Setup Tool, if not enabled)
Enable the following features:
  • Message Queuing > Message Queuing Services > Message Queuing Server
  • Message Queuing > Message Queuing Services > HTTP Support (only if the server is not in the domain)
  • Telnet client
  • Windows PowerShell
SQL Server Management Objects (installed by the Setup Tool, if not present) Install the 64-bit variant of the Microsoft SQL Server 2008 Shared Management Objects (SMO). This is available in the Support folder of the Services Manager installation media.
SMTP server Required for sending email notifications through Services Manager. Depending on the notification, the Provisioning server also needs a temporary directory for assembling the email. As an SMTP server is also required for the Report Mailer, the same SMTP server can be used for both the Provisioning server and the Report Mailer. For both roles, you supply the SMTP server details when you configure each server role.
Domain membership and privileges
  • Server must be a member of the domain
  • Service account must have full domain administrator privileges

If you are installing the Provisioning server on a domain controller, give the ProvisioningUsers security group logon locally permission. However, for security reasons, Citrix recommends installing the Provisioning server on a server other than a domain controller.

Web Server

The Services Manager uses the DNS alias CortexWeb to refer to the server hosting the Web Server.

Hardware configuration
  • Two or more server-class processors, 2.0 GHz or higher
  • Minimum 4 GB RAM recommended
  • Minimum 10 GB free disk space available for file growth
Operating system Windows Server 2008 R2 Standard, Enterprise, or Datacenter editions, with all recommended updates installed.
User Account Control (UAC) Disabled.
.NET version .NET Framework 4.0 (Full) installed.
Firewall Allow outbound connections to SQL Reporting Services on port 80.
Report Viewer version Microsoft Report Viewer 2008 SP1
Windows Server roles
Enable the following roles:
  • Web Server > Application Development > ASP.NET
  • Web Server > Security > Basic Authentication
  • Web Server > Security > Windows Authentication
  • Management Tools > IIS Management Console
  • Management Tools > IIS Management Scripts and Tools
SQL Server Management Objects (installed by the Setup Tool, if not present) Install the 32-bit variant of the Microsoft SQL Server 2008 Shared Management Objects (SMO). This is available in the Support folder of the Services Manager installation media.
Domain membership and privileges
  • Server must be a member of the domain
  • Service must have full domain administrator privileges

During platform configuration, you will need to know the host header required for the web site. This is the URL used to access the control panel. The Configuration Tool refers to this as the external address.

When you install the Web Server role, the following items are installed:
  • CortexMgmt Application Pool - used to run the Management Site.
  • Cortex Management Site - contains the following web applications:
    • CortexDotNet - main management portal
    • CortexAPI - XML-based web service used to automate management
The Web Server role supports:
  • Internet Explorer 8 and 9
  • Firefox 3.x and 4.x
  • Chrome 12.x
  • Safari 5.x
The Web Server role supports client operating system access from:
  • Windows XP SP3
  • Windows 7 SP1
  • Windows Server 2008
  • Mac OS X 10.x

The Autologin tool supports Windows XP SP3, Windows 7 SP1, and Windows Server 2008.

Directory Web Service

If you are installing the Directory Web Service on a domain controller, give the CortexWSUsers and the Proxy Users groups logon locally permission. However, for security reasons, Citrix recommends installing this role on a server other than a domain controller.

Enable the following roles and features:
  • Web Server > Application Development > ASP.NET
  • Web Server > Security > Basic Authentication
  • Web Server > Security > Windows Authentication
  • Management Tools > IIS Management Console
  • Management Tools > IIS Management Scripts and Tools
  • PowerShell 2.0

Data Warehouse (Reporting)

Operating system Windows Server 2008 R2 Standard, Enterprise, or Datacenter editions, with all recommended updates installed.
User Account Control (UAC) Disabled.
.NET version .NET Framework 4.0 (Full) installed.
Firewall Allow outbound connections to the database server on port 1433.
Database server SQL Server 2008 R2
Database server authentication Mixed mode (SQL and Windows Authentication)
Reporting SQL Server Reporting Services 2008 R2
SQL Server Management Objects (installed by the Setup Tool, if not present) Services Manager installs this component automatically when the Data Warehouse role is deployed. This is available in the Support folder of the Services Manager installation media.
Installation account Ensure the account used for installing this role is a SysAdmin on the server.
RSReportServer modifications In RsReportServer.config, under <RSWindowsNTLM/>, enable <RSWindowsNegotiate/>.
SMTP server Because the Provisioning server also requires a SMTP server, you can specify the same SMTP server when you deploy each server role. The SMTP server must allow relays from the Reporting server.
Additional requirements:
  • If you will be using the OCS Monitoring service, install and enable the OCS Monitoring Service on the OCS 2007 server.
  • If you will be using the SharePoint 3 service, most headers for all sites must be resolvable on the SharePoint 3 server where the SharePoint service is installed and used by the data collection.

Firewall Configuration

The following table lists the default connectivity configuration between the Services Manager roles. Configure these before installing the roles.
Traffic/Port From To Purpose
TCP 8095 Web Server Provisioning Engine Authenticate users and read-time Active Directory lookups
MSMQ*, HTTP, or HTTPS Web Server Provisioning Engine Provisioning request
TCP 1433** Provisioning Engine SQL Server Access to provisioning rules, write statistics
TCP 1433** Web Server SQL Server Access to customer and user information
TCP 80 Web Server SQL Reporting Services server Access to SQL Reporting Services

* MSMQ comprises several ports, as specified by Microsoft.

** The supported SQL versions use TCP 1433 only for the default instance; other named instances use a dynamically assigned port. If your installation is not the default instance and a firewall separates the SQL server from the other Services Manager roles, you must override the dynamic behavior by allocating a specific port.