Software Prerequisites for Secure On-Premise DocFusion Installations in Production Environments
  • 07 Mar 2024

Important!
These prerequisites are mandatory for the installation of DocFusion. They ensure that the server software environment is adequately prepared. Failing to comply may create instability or performance impediments that are outside the control of DocFusion’s environment management facilities. Non-compliance with these prerequisites renders any support plans ineffective.

Please review all installation prerequisites in this guide before proceeding with a DocFusion installation.


Software Prerequisites

Software requirements apply to all Node Servers in the DocFusion server topology.


Operating System

  1. Latest version of Windows Server Operating System (OS).
  2. Latest OS patches have been applied.
View a list of supported versions of Windows to run Service Fabric:


Microsoft Service Fabric Runtime (MSFR)

Version 9.1 or later of MSFR is installed. (Latest stable version is preferred).

Version 9.1 MSFR is the minimum for compatibility with DocFusion.
No other versions of MSFR are supported. View more information about MSFR versions here: https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-versions


Microsoft .NET Framework Runtime

  1. Version 4.8 of Microsoft .NET Framework Runtime is installed.
  2. Version 4.7.2 of Microsoft .NET Framework Runtime is also installed.
  3. Version 4.5.2 of Microsoft .NET Framework Runtime is also installed.
  4. Version 7 of Microsoft .NET Framework Runtime is also installed.


Certificates

  1. All certificates are valid.
  2. All certificates are installed on all Service Fabric Nodes.
  3. Installed certificates include their private keys.
  4. Certificates are installed for use as Cluster Certificates.
  5. Subject Alternative Name points to the FQN (Fully Qualified Name) of the cluster.
  6. Installed certificates are stored in Local Computer/Personal.
  7. Installed certificates are also stored in Local User/Personal (Jumpbox).
  8. Encipherment certificates are installed. (If you do not have them, please contact AIS/DocFusion).
  9. Encipherment certificates are stored in Local Computer/Personal.
  10. Encipherment certificates are also stored in Local User/Personal (Jumpbox).
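
The following PowerShell script is an added example, not part of the DocFusion documentation. It checks one machine against points 1, 3, 5, 6 and 7 of the certificate list above. The cluster FQN, the thumbprint and the 30-day expiry warning window are placeholders or assumptions, and the SAN comparison is an exact match, so a wildcard entry will not satisfy it.

```powershell
# Added example: audits one machine against the certificate checklist above.
param(
    [string]$ClusterFqn = 'cluster.example.internal',   # placeholder
    [string]$Thumbprint = '<CLUSTER-CERT-THUMBPRINT>',  # placeholder
    [int]$WarnDays      = 30                            # assumed renewal window
)

function Get-SanDnsName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # OID 2.5.29.17 is the Subject Alternative Name extension
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return @() }
    # Format() yields "DNS Name=a.example, DNS Name=b.example"; keep the values
    @($san.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=', 2)[-1].Trim() })
}

function Test-ClusterCertificate {
    param([string]$StorePath, [string]$Thumbprint, [string]$ClusterFqn, [int]$WarnDays)
    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.Thumbprint -eq $Thumbprint } | Select-Object -First 1
    $now = Get-Date
    # Every property is always present so the report columns line up
    [pscustomobject]@{
        Store         = $StorePath
        Installed     = [bool]$cert
        HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        InValidity    = [bool]($cert -and $now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        ExpiresSoon   = [bool]($cert -and $cert.NotAfter -lt $now.AddDays($WarnDays))
        SanHasFqn     = [bool]($cert -and ((Get-SanDnsName $cert) -contains $ClusterFqn))
    }
}

# Local Computer/Personal applies to every node; Local User/Personal to the jumpbox
$report = 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My' | ForEach-Object {
    Test-ClusterCertificate -StorePath $_ -Thumbprint $Thumbprint `
        -ClusterFqn $ClusterFqn -WarnDays $WarnDays
}
$report | Format-Table -AutoSize
```

Run it once per Service Fabric node and once on the jumpbox, repeating with the encipherment certificate's thumbprint. A row with Installed, HasPrivateKey or InValidity set to False means the corresponding checklist item is not met on that machine.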


Configuration Settings

For the configuration of either production or non-production server environments, it is recommended that the Microsoft Service Fabric documentation be consulted.


Node Server Topology

  1. If installing in Non-Production Environments, a minimum of one (1) server is required.
  2. If installing in Production Environments, a minimum of three (3) servers are required.


Load Balancing Settings

All mandatory rules from the table below have been applied to load balancers. Only apply the IDS rule when required.

| LOAD BALANCING RULE | DESCRIPTION | NOTES |
|---|---|---|
| TCP/19000 | SF TCP connection | Mandatory |
| TCP/19080 | Service Fabric Explorer | Mandatory |
| TCP/443 | HTTPS | Mandatory |
| TCP/8638 | Log Viewer | Mandatory |
| TCP/44331 | IDS | Only when required |
| TCP/4444 | Traefik Dashboard | Mandatory |


Service Fabric Settings

Automatic Scaling option is disabled on all Node Servers.


Firewall Whitelisting

  1. api.sendgrid.com is whitelisted for outbound traffic. Reason: password reset emails.
  2. online.docfusion-paas.com is whitelisted for inbound+outbound traffic. Reason: DocFusion licensing.


DNS (Domain Name Server) Services

The FQNs (Fully Qualified Names) of all Node Servers are configured in DNS services.


Ports

All ports listed in the table below are open on all Node Servers, NSGs (Network Security Groups), and firewalls:

| PORT NUMBER | USE |
|---|---|
| 44331 | IDS (Identity Services) |
| 8638 | Log Viewer |
| 3389 | RDP (JIT) |
| 19000 | Service Fabric Runtime |
| 19080 | Service Fabric Explorer |
| 4444 | Traefik Dashboard |
| 443 | HTTPS, SendGrid |
| 9999 | docFusionWebApiPort |
| 8885 | Internal cluster comms for generator |
| 9994 | docFusionGeneratorWebApiPort |
| 9995 | docFusionCacheProxyWebApiPort |


User Access

  1. The same user account that runs the Service Fabric instance has Full Control of the SSL & Encryption certificates, and Read permissions on certificate private keys.
  2. The DB_Owner account that DocFusion uses to connect to the database has been granted Full Access.
  3. SendGrid user profile is created.


SendGrid Templates

  1. All Email templates have been uploaded to SendGrid.
  2. SendGrid user profile (created above in User Access, point 3) has full access to all email templates.


Traefik Configuration

Traefik configuration file (dynamic_conf_template.toml) has been copied to the path c:\traefikconfig\dynamic_conf_template.toml on all Node Servers.


END OF PREREQUISITE LIST.

