- 07 Mar 2024
Software Prerequisites for Secure On-Premise DocFusion Installations in Production Environments
- Updated on 07 Mar 2024
Please review all installation prerequisites in this guide before proceeding with a DocFusion installation.
Software Prerequisites
Software requirements apply to all Node Servers in the DocFusion server topology.
Operating System
- Latest version of Windows Server Operating System (OS).
- Latest OS patches have been applied.
Microsoft Service Fabric Runtime (MSFR)
Version 9.1 or later of MSFR is installed (the latest stable version is preferred).
Microsoft .NET Framework Runtime
- Version 4.8 of Microsoft .NET Framework Runtime is installed.
- Version 4.7.2 of Microsoft .NET Framework Runtime is also installed.
- Version 4.5.2 of Microsoft .NET Framework Runtime is also installed.
- Version 7 of Microsoft .NET Framework Runtime is also installed.
Certificates
- All certificates are valid.
- All certificates are installed on all Service Fabric Nodes.
- Installed certificates include their private keys.
- Certificates are installed for use as Cluster Certificates.
- The Subject Alternative Name points to the FQN (Fully Qualified Name) of the cluster.
- Installed certificates are stored in Local Computer/Personal.
- Installed certificates are also stored in Local User/Personal (Jumpbox).
- Encipherment certificates are installed. (If you do not have them, please contact AIS/DocFusion).
- Encipherment certificates are stored in Local Computer/Personal.
- Encipherment certificates are also stored in Local User/Personal (Jumpbox).
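The certificate items above can be checked per node with a short script. This is an added example, not DocFusion or Microsoft code; the cluster name, the thumbprint list and the 30-day expiry warning window are placeholders and assumptions to replace with your own values.

```powershell
# Added example: audits the certificate prerequisites on one node.
# All parameter defaults are placeholders/assumptions, not values from the guide.
param(
    [string]   $ClusterFqdn = 'cluster.example.internal',      # placeholder cluster FQN
    [string[]] $Thumbprints = @('<CERT-THUMBPRINT>'),          # placeholder thumbprints
    [string]   $Store       = 'Cert:\LocalMachine\My',         # "Local Computer/Personal"
    [int]      $WarnDays    = 30                               # assumed warning window
)

$now = Get-Date
# Match the FQN as a whole SAN entry ("...=name," or end of text), not as a substring.
# A wildcard SAN entry will not match and must be reviewed by hand.
$sanPattern = '=' + [regex]::Escape($ClusterFqdn) + '(,|\s|$)'

$results = foreach ($tp in $Thumbprints) {
    $wanted = $tp -replace '\s', ''                            # tolerate pasted spaces
    $cert   = Get-ChildItem -Path $Store |
              Where-Object { $_.Thumbprint -eq $wanted } |
              Select-Object -First 1

    if (-not $cert) {
        [pscustomobject]@{ Thumbprint = $wanted; InStore = $false; DateValid = $false
                           DaysLeft = $null; HasPrivateKey = $false; SanMatches = $false }
    }
    else {
        # Subject Alternative Name extension (OID 2.5.29.17), rendered as text
        $sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $sanText = if ($sanExt) { $sanExt.Format($false) } else { '' }

        [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            InStore       = $true
            DateValid     = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
            DaysLeft      = [int]($cert.NotAfter - $now).TotalDays
            HasPrivateKey = $cert.HasPrivateKey
            SanMatches    = ($sanText -match $sanPattern)
        }
    }
}

$results | Format-Table -AutoSize

# Warn on certificates that are close to expiry; fail on any unmet prerequisite.
$results | Where-Object { $_.InStore -and $_.DaysLeft -lt $WarnDays } |
    ForEach-Object { Write-Warning "$($_.Thumbprint) expires in $($_.DaysLeft) days" }
$failed = $results | Where-Object {
    -not ($_.InStore -and $_.DateValid -and $_.HasPrivateKey -and $_.SanMatches) }
if ($failed) { exit 1 }
```

Run it on every Service Fabric node; on the jumpbox, pass `-Store 'Cert:\CurrentUser\My'` to check the Local User/Personal store instead.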
Configuration Settings
For the configuration of either production or non-production server environments, it is recommended that the Microsoft Service Fabric documentation be consulted.
Node Server Topology
- If installing in Non-Production Environments, a minimum of one (1) server is required.
- If installing in Production Environments, a minimum of three (3) servers is required.
Load Balancing Settings
All mandatory rules from the table below have been applied to load balancers. Only apply the IDS rule when required.
LOAD BALANCING RULE | DESCRIPTION | NOTES |
---|---|---|
TCP/19000 | SF TCP connection | Mandatory |
TCP/19080 | Service Fabric Explorer | Mandatory |
TCP/443 | HTTPS | Mandatory |
TCP/8638 | Log Viewer | Mandatory |
TCP/44331 | IDS | Only when required |
TCP/4444 | Traefik Dashboard | Mandatory |
Service Fabric Settings
Automatic Scaling option is disabled on all Node Servers.
Firewall Whitelisting
- api.sendgrid.com is whitelisted for outbound traffic. Reason: password reset emails.
- online.docfusion-paas.com is whitelisted for inbound+outbound traffic. Reason: DocFusion licensing.
DNS (Domain Name System) Services
The FQNs (Fully Qualified Names) of all Node Servers are configured in DNS services.
Ports
All ports listed in the table below are open on all Node Servers, NSGs (Network Security Groups), and firewalls:
PORT NUMBER | USE |
---|---|
44331 | IDS (Identity Services) |
8638 | Log Viewer |
3389 | RDP (JIT) |
19000 | Service Fabric Runtime |
19080 | Service Fabric Explorer |
4444 | Traefik Dashboard |
443 | HTTPS, SendGrid |
9999 | docFusionWebApiPort |
8885 | Internal cluster comms for generator |
9994 | docFusionGeneratorWebApiPort |
9995 | docFusionCacheProxyWebApiPort |
User Access
- The same user account that runs the Service Fabric instance has Full Control of the SSL & Encryption certificates, and Read permissions on certificate private keys.
- The DB_Owner account that DocFusion uses to connect to the database has been granted Full Access.
- SendGrid user profile is created.
SendGrid Templates
- All Email templates have been uploaded to SendGrid.
- SendGrid user profile (created above in User Access, point 3) has full access to all email templates.
Traefik Configuration
Traefik configuration file (dynamic_conf_template.toml) has been copied to the path c:\traefikconfig\dynamic_conf_template.toml on all Node Servers.
END OF PREREQUISITE LIST.