Product Documentation

System Requirements for Server Roles

Jun 05, 2015
Updated: 2013-05-21

The sections in this topic describe supported platforms, required software, and other information that will be used when you install and configure the core components (server roles) that comprise the Services Manager platform. The Services Manager server role installer (Setup Tool) handles many of the prerequisites, such as installing .NET Framework 4.0, enabling Web Server roles, and enabling MSMQ features. (The .NET software is also available in the Support folder of the Services Manager installation media.) See Plan for deploying the Services Manager platform for additional preparation information.

Active Directory and Exchange requirements

Services Manager supports Active Directory Domain Services on the following platforms:
  • Windows Server 2012
  • Windows Server 2008 R2
  • Windows Server 2008

At a minimum, the domain functional level must be Windows Server 2008.

Before the Services Manager platform can be deployed, the Active Directory schema must be extended to include the standard Exchange attributes and prepare the environment for multi-tenancy. You can extend the schema through one of the following methods:
  • Use the Schema Prep tool from the Microsoft Exchange installation media. This method applies if you do not plan to deploy Exchange 2007 or 2010 and you do not intend to deploy the Exchange web service. In general, to deploy the Schema Prep tool, you enter the following command in a Command Prompt window:
    setup /p /on:OrganizationName
  • Deploy Exchange. This method applies if you plan on installing the Exchange web service in your Services Manager deployment. Extending the Active Directory schema is part of the Exchange deployment process.
The domain user account used to extend the Active Directory schema or install the Services Manager platform components must belong to the following groups:
Group Name Required for Services Manager platform installation Required for extending Active Directory schema
Domain Admins Yes Yes
Enterprise Admins No Yes
Schema Admins No Yes

If any server (including DNS) is not in the domain, the same user account should be set up as a local user on that server with the same password, as a member of the local Administrators group.

Security requirements

To ensure your deployment is protected from external threats, consider creating an account lockout policy that disables a user's account for a specified period when an incorrect password is entered a specified number of times. When this policy is set each failed logon attempt is recorded on the primary domain controller.

Before implementing an account lockout policy, consider carefully the risks and benefits of implementation to your Services Manager deployment. For more information about configuring this policy, see the Microsoft TechNet article, "Account Lockout Policy Technical Overview."

DNS requirements

Services Manager uses DNS aliases internally for the core components. Create CNAME records for the following roles and components:
Platform component Alias
Database server CORTEXSQL
Provisioning server CORTEXPROVISIONING
Web server CORTEXWEB
Reporting Services CORTEXREPORTS

Database server requirements

The database server hosts the system databases that are required for Services Manager to operate. When preparing the database server, ensure the following requirements are met:
Hardware configuration
  • Two or more server-class processors, 2.0 GHz or higher.
  • Minimum 4 GB RAM recommended
  • Minimum 10 GB free disk space available for file growth
Operating system Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with all recommended updates installed.
User Account Control (UAC) Disabled.
Database server Microsoft SQL Server 2008 R2 or 2012, with all recommended updates installed.
Authentication Mixed mode enabled (SQL and Windows Authentication).
SQL connection types Local and remote SQL connections enabled.
Installation account Configure the account to be used during installation with the SysAdmin role. If you cannot do this in SQL, you can use an account with SysAdmin rights. You can remove this account after installation completes.
Firewall Windows Firewall must allow connections through the database instance port (default=1433).

When you install SQL Server, make note of the instance name (default=default) and port (default=1433). You will need this information when you configure the server for use with Services Manager.

During platform installation, the following databases are created:
  • OLM: The core database for customer and user information
  • OLMReports: Stores legacy reporting data and some system settings
  • OLMReporting: Stores reporting data
Additionally, the following SQL accounts are created for accessing the databases:
  • CortexProp
  • OLMUser
  • OLMReportsUser
  • OLMReportingUser

Two SQL jobs are installed on the database server: Gather Daily Stats Data and Gather Monthly Stats Data.

Provisioning server requirements

If you are installing the Provisioning server role on a domain controller, give the ProvisioningUsers security group the Allow logon locally permission. However, for security reasons, Citrix recommends installing the Provisioning engine on a server that does not act as a domain controller in your network environment.

When preparing a server to host the Provisioning server role, ensure the following requirements are met:
Hardware configuration
  • Two or more server-class processors, 2.0 GHz or higher.
  • Minimum 2 GB RAM recommended
  • Minimum 2 GB free disk space available
Operating system Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with all recommended updates installed.
User Account Control (UAC) Disabled.
.NET Version .NET Framework 4.0 installed. This software is included in the Support folder of the Services Manager installation media.
Firewall Windows Firewall must allow inbound TCP requests on port 80.
Windows server features (Setup installs this requirement) Enable the following features:
  • Message Queuing > Message Queuing Services > Message Queuing Server
  • Message Queuing > Message Queuing Services > HTTP Support (only if the server is not in the domain)
  • Telnet client
  • Windows PowerShell
SQL Server Management Objects Install the 64-bit variant of the Microsoft SQL Server 2008 Shared Management Objects (SMO). This software is included in the Support folder of the Services Manager installation media. The Services Manager Setup Tool can also install this requirement when you install the Provisioning server role.
Domain membership and privileges
  • Server must be a member of the domain.
  • Service must have full domain administrator privileges.
SMTP server Required. Depending on the notification, the Provisioning server also needs a temporary directory for assembling the email. The SMTP server can also be used by the Report Mailer server role. When configuring the Provisioning server role, you will need to provide the SMTP server address and port number.

Directory Web Service

In general, the Directory Web Service is installed on the same server that hosts the Provisioning server role. If you are installing the Directory Web Service on a domain controller, give the CortexWSUsers and the Proxy Users groups the Allow logon locally permission. However, for security reasons, Citrix recommends installing this role on a server that does not act as a domain controller in your network environment.

When preparing a server to host the Directory Web Service, ensure the following server requirements are met:
Hardware configuration
  • Two or more server-class processors, 2.0 GHz or higher.
  • Minimum 2 GB RAM recommended
  • Minimum 2 GB free disk space available
Operating system Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with all recommended updates installed.
User Account Control (UAC) Disabled.
.NET Version .NET Framework 4.0 installed. This software is included in the Support folder of the Services Manager installation media.
Firewall Windows Firewall must allow inbound TCP requests on port 8095.
Windows server features Enable the following features:
  • Web Server > Application Development > ASP.NET
  • Web Server > Security > Basic Authentication
  • Web Server > Security > Windows Authentication
  • Management Tools > IIS Management Console
  • Management Tools > IIS Management Scripts and Tools
  • PowerShell 2.0

Web server requirements

When preparing a server to host the web server, ensure the following requirements are met:
Hardware configuration
  • Two or more server-class processors, 2.0 GHz or higher.
  • Minimum 2 GB RAM recommended
  • Minimum 2 GB free disk space available
Operating system Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with all recommended updates installed.
User Account Control (UAC) Disabled.
.NET Version .NET Framework 4.0 installed
Firewall Open port 80 from the web server to the SQL Reporting Services server.
Report Viewer version Microsoft Report Viewer 2008 SP1.
Windows server roles Enable the following roles:
  • Web Server > Application Development > ASP.NET
  • Web Server > Security > Basic Authentication
  • Web Server > Security > Windows Authentication
  • Management Tools > IIS Management Console
  • Management Tools > IIS Management Scripts and Tools
SQL Server Management Objects Install the 32-bit variant of the Microsoft SQL Server 2008 Shared Management Objects (SMO). This is available in the Support folder of the Services Manager installation media.

During platform configuration, you will need to know the host header required for the web site. This is the URL used to access the Services Manager control panel. The Configuration Tool refers to this as the external address.

When you install the web server role, the following items are installed:
  • CortexMgmt Application Pool: Runs the Management Site.
  • Cortex Management Site: Contains the CortexDotNet and CortexAPI web applications.

CortexDotNet is the service that runs the control panel. CortexAPI is the XML-based web service that automates management tasks.

Accessing the web server is supported on the following web browsers:
  • Internet Explorer 8, 9, and 10
  • Firefox 17.x and 18.x
  • Chrome 25.x
  • Safari 5.x
Note: If you intend to access the web server with Internet Explorer 10, install the hotfix for .NET Framework 4.0 available from Microsoft Knowledge Base article 2600088 (http://support.microsoft.com/kb/2600088) on the web server. This hotfix updates the ASP.NET browser definitions which enables the control panel to function as expected with Internet Explorer 10. If you do not want to install this hotfix, use Internet Explorer 8 or 9 or supported Firefox, Chrome, and Safari browsers to access the web server.

The Autologin tool supports Windows XP SP3, Windows 7 SP1, and Windows Server 2008.

Reporting and data warehouse requirements

SQL Reporting Services is the engine for providing reporting capabilities in Services Manager. The Reporting service and data warehouse are installed on the server hosting SQL Reporting Services. When preparing a server to for installing and configuring the Reporting service and data warehouse, ensure the following requirements are met:
Hardware configuration
  • Two or more server-class processors, 2.0 GHz or higher.
  • Minimum 4 GB RAM recommended
  • Minimum 10 GB free disk space available for file growth
Operating system Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with all recommended updates installed.
Firewall Open port 1433 between the Reporting server and the database server. Allow connections through the reporting port (default=80).
.NET version .NET Framework 4.0 installed. This software is included in the Support folder on the Services Manager installation media.
Database server Microsoft SQL Server 2008 R2 or 2012, with all recommended updates installed.
Database Authentication Windows Authentication enabled.
SSRS Service account Set the SQL Server Reporting Services service account to Network Service.
SQL connection types Local and remote SQL connections enabled.
SSRS Administrator account In SQL Server Reporting Services, create a dedicated user with the System Administrator role; domain administrator rights are not required. Use this account when deploying the Reporting server role.
SQL Server Management Objects (SMO) Services Manager setup installs Microsoft SQL Server Shared Management Objects automatically when the Reporting server role is deployed. SMO is also available in the Support folder of the Services Manager installation media.
Report Server configuration file modifications Verify that the Report Server configuration file (C:Program FilesMicrosoft SQL ServerMSRS10.MSSQLSERVERReporting ServicesReportServerrsreportserver.config) contains the entry "<AuthenticationTypes><RSWindowsNTLM/> <RSWindowsNegotiate/> </AuthenticationTypes>".
SMTP server Required for the data warehouse. You can specify the SMTP server used with the Provisioning server; however, it must allow relays from the data warehouse server.
OCS Monitoring If you intend to use the OCS Monitoring service in your Services Manager environment, install and enable this service on the OCS 2007 server.