Prerequisites for the Nodinite Install and Update Tool
This page describes the prerequisites to successfully install and run the Nodinite Install and Update Tool.
The Nodinite Install and Update Tool has two components that need to be installed:
- Install and Update Tool Web Interface hosted within IIS
- Update Service; a Windows Service.
Usually, these two components are installed on the same server. The Windows Installer (MSI) lets you select which components to install during execution; see the Installing and Configuring - Install and Update Tool page for details.
Scenario 1: Simple setup
In the scenario below the Install and Update Tool and the Update Service are installed on the same Windows Server.
Verified | Topic |
---|---|
 | Software Requirements |
 | IIS Default Web Site |
 | Linked Server |
 | Windows rights |
 | Database rights |
 | Firewall |
Use the checklist above to verify that you have performed all steps required for the Nodinite Install and Update tool.
Software Requirements
Product | | |
---|---|---|
Windows Server | Windows 2022, Windows 2019, Windows 2016, Windows 2012 R2 | Make sure to Domain join the server. |
SQL Server Package (DACPAC) | DACFramework.msi | Latest sqlpackage |
.NET Framework | .NET Framework 4.8 or later (New 6.0) | Our recommendation is to use .NET Framework 4.8.1 on hosts with Nodinite components. |
Versions 6.0 and later make use of the .NET Framework 4.8 or later.
Versions 5.4 and later make use of the .NET Framework 4.6.2 or later.
Versions before 5.4 make use of the .NET Framework 4.5.2 or later.
- Windows 2012. We do not recommend this version or older as it does not support .NET 5 and later. You cannot install Nodinite 7 on this Windows Server version.
- Windows 2008 R2. We do not recommend this version since it is outdated and requires additional administration and maintenance. You cannot install Nodinite 7 on this Windows Server version.
Nodinite requires DACPAC SQL Binaries used for installing and updating databases. You can (and should) install a higher version (latest) compared to your SQL Server since Microsoft provides backwards compatibility. The other way around is not supported. There is no licensing cost associated with installing and running the Microsoft DACPAC binaries.
Use the latest SSMS version to ensure you have a valid version of the required SQL Server binaries; it is only one installer (although larger).
If you experience issues installing or updating the Nodinite databases, the problem is almost always an incompatible old version.
If you co-host Nodinite components with other applications, make sure to review the combined prerequisites to avoid problems with conflicting versions of 3rd party tools, frameworks and more.
Tip
Make sure to Domain join the Windows Server to allow business users easy access using Windows Active Directory Groups and Users.
Software Recommendation
In addition, our recommendation is that you install the following software:
Product | | |
---|---|---|
SQL Server Management Studio (SSMS) | Match SQL version in use, or use a higher version | Latest SSMS |
Notepad++ | Download | Makes it easy to manage configuration files |
IIS Default Web Site
Your IIS must be properly configured with the following Windows Roles and Features:
Note
The Default Web Site must exist within your IIS(!) The installer will fail otherwise and there is no supported workaround. Nodinite Core Services may be installed on other Web Sites (however not recommended).
Prerequisites for IIS Web Server
Feature | Name | Comment |
---|---|---|
Common HTTP Features | HTTP Redirection | |
 | Static Content | |
Performance Features | Dynamic Content Compression | |
 | Static Content Compression | |
Security Features | Basic Authentication | |
 | Windows Authentication | |
Application Development | .Net Extensibility 4.x | |
 | ASP.NET 4.x | |
 | ISAPI Extensions | |
 | ISAPI Filters | |
WCF Features | .Net Framework 4.X | WCF Requirement for the Log API. This feature has been deprecated. It was available with Nodinite versions 1-5 |
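One way to verify the role services in the table above before running the installer. This is an added example, not Nodinite's own tooling; the mapping from the display names on this page to Windows feature names is an assumption based on the standard Server Manager names, and the deprecated WCF feature is left out.

```powershell
# Added example: audit the IIS prerequisites listed in the table above.
# Run in an elevated Windows PowerShell session on the IIS server.
Import-Module ServerManager

# Display name from this page -> Server Manager feature name (assumed mapping).
$required = [ordered]@{
    'HTTP Redirection'            = 'Web-Http-Redirect'
    'Static Content'              = 'Web-Static-Content'
    'Dynamic Content Compression' = 'Web-Dyn-Compression'
    'Static Content Compression'  = 'Web-Stat-Compression'
    'Basic Authentication'        = 'Web-Basic-Auth'
    'Windows Authentication'      = 'Web-Windows-Auth'
    '.NET Extensibility 4.x'      = 'Web-Net-Ext45'
    'ASP.NET 4.x'                 = 'Web-Asp-Net45'
    'ISAPI Extensions'            = 'Web-ISAPI-Ext'
    'ISAPI Filters'               = 'Web-ISAPI-Filter'
}

$report = foreach ($entry in $required.GetEnumerator()) {
    $feature = Get-WindowsFeature -Name $entry.Value
    [pscustomobject]@{
        Feature   = $entry.Key
        Name      = $entry.Value
        Installed = [bool]($feature -and $feature.Installed)
    }
}
$report | Format-Table -AutoSize

$missing = @($report | Where-Object { -not $_.Installed })
if ($missing.Count -gt 0) {
    Write-Warning ("Missing IIS features: " + ($missing.Name -join ', '))
}

# The installer fails when the Default Web Site does not exist, so check it too.
# The WebAdministration module is only present once IIS management tools are installed.
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    $site = Get-Website | Where-Object { $_.Name -eq 'Default Web Site' }
    if (-not $site) { Write-Warning "'Default Web Site' was not found in IIS." }
}
else {
    Write-Warning 'WebAdministration module not available; cannot check the Default Web Site.'
}
```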
Info
Your client browser must support HTML 5; review the Client Browser prerequisites for additional details.
Microsoft Distributed Transaction Coordinator (DTC)
The Update Service is involved in SQL Server related operations, and Nodinite uses the Windows Service Microsoft Distributed Transaction Coordinator (DTC), which is responsible for coordinating transactions that span multiple resource managers. We have written a dedicated tutorial for Nodinite with our best practices for how to install and configure the DTC Windows Service.
You must configure the DTC as documented; otherwise the Nodinite Install and Update Tool will not be able to function.
What Windows rights does the Install and Update Tool require?
The Install and Update Tool has two features. These may be installed on different Windows Servers, where they can run with different accounts and with least privileges according to the details outlined next.
1. Web-based User Interface
When you install the Nodinite Install and Update Tool (executing the Windows Installer .MSI), the specified account is assigned to a new IIS App Pool. This IIS App Pool is set to run with ASP.NET Impersonation, and all consumers of the Install and Update Tool will be impersonated to this dedicated Windows Service account. For anyone to use the Install and Update Tool, access rights must be assigned.
The Install and Update Tool uses ASP.NET Impersonation, which is a feature built into IIS, and further calls to APIs hosted by the Update Service are performed as this identity.
If the impersonated service account for the IIS App Pool is not a local administrator, then the Windows Domain account must be added to the local 'IIS_IUSRS' group. The account used must also be assigned certain SQL Rights, see next paragraph.
2. Update Service
The Update Service is responsible for replacing files on the IIS and installing Windows Services, which potentially includes remote start and stop commands. In a Windows Server environment this is a highly privileged function that only members of the local Administrators group are allowed to perform.
Note
The account must have the Log on as a service right AND be a local admin.
Note
Regardless of where you install the Update Service, the account for the Update Service must be a local administrator on all Nodinite App- and Web-servers.
Note
Make sure to add the account running the Update Service as a registered user within the Nodinite Web Client.
What SQL Rights does the Install and Update Tool require?
The Update Service uses the configured Windows Service Account during install and update operations. This account must have the following SQL rights assigned:
SQL Instances
Assign the following Server Roles on all SQL Server Instances hosting any of the following Nodinite databases:
- public
- dbcreator
- diskadmin
- securityadmin (means the account has the right to become SYSADMIN)

or

- SYSADMIN - this right is the only one required if accepted by your internal policies; you can then ignore the previous roles.
Configuration Database
On the SQL Server instance with the Configuration Database, the account must have the following User Mapping (assigned by the installer tool during installation):
- db_datareader
- db_datawriter
- db_ddladmin
Logging Databases
On the SQL Server instances with Log Databases, the account must have the following User Mapping (assigned by the installer tool during installation):
- db_datareader
- db_datawriter
- db_ddladmin
Note 1: db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially for remote servers (linked servers). Read more here. Contact our support if you have any questions about this.
Note 2: If you are using SQL Server Always On, please review the additional steps required in the About SQL Server Always On Availability Groups user guide.
Make sure Kerberos is working between the Nodinite Server and the BizTalk SQL Databases
Important
This is a very important test step and can be performed before you have installed anything other than the SQL MMC (SSMS) tool.
The following SQL query should return 'Kerberos' when you run it in the SQL MMC on the Nodinite Server against a remote SQL Server instance.
SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@spid;
If you have SQL Server installed locally, then NTLM is used instead of Kerberos, which is a simpler scenario and is supported by Nodinite.
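The Kerberos test above and the server role list from the SQL Instances section can be checked in one pass. This is an added example, not part of the Nodinite tooling; it assumes Windows PowerShell 5.1, a session started as the Update Service account, and a placeholder instance name `SQLHOST01`.

```powershell
# Added example: run in a session started as the Update Service account.
# Assumes Windows PowerShell 5.1, where System.Data.SqlClient is available.
$SqlInstance = 'SQLHOST01'   # placeholder (assumption): your SQL Server instance

$conn = New-Object System.Data.SqlClient.SqlConnection
$conn.ConnectionString = "Server=$SqlInstance;Database=master;Integrated Security=SSPI"
$conn.Open()
try {
    # 1. Authentication scheme of this connection (the query from this page).
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = 'SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@spid;'
    $authScheme = [string]$cmd.ExecuteScalar()

    # 2. Server role membership of the connected login (1 = member).
    $membership = [ordered]@{}
    foreach ($role in 'dbcreator', 'diskadmin', 'securityadmin', 'sysadmin') {
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = 'SELECT IS_SRVROLEMEMBER(@role);'
        [void]$cmd.Parameters.AddWithValue('@role', $role)
        $value = $cmd.ExecuteScalar()
        $membership[$role] = ($value -isnot [DBNull]) -and ([int]$value -eq 1)
    }
}
finally {
    $conn.Close()
}

# Per the role list on this page: sysadmin alone is enough, otherwise all three
# roles are needed (public is held by every login and is not checked).
$roleSet = $membership['dbcreator'] -and $membership['diskadmin'] -and $membership['securityadmin']

[pscustomobject]@{
    Instance         = $SqlInstance
    AuthScheme       = $authScheme
    DbCreator        = $membership['dbcreator']
    DiskAdmin        = $membership['diskadmin']
    SecurityAdmin    = $membership['securityadmin']
    SysAdmin         = $membership['sysadmin']
    RightsSufficient = ($membership['sysadmin'] -or $roleSet)
}

if ($authScheme -ne 'KERBEROS') {
    Write-Warning "Connection to $SqlInstance used '$authScheme'; Kerberos is expected unless SQL Server is local."
}
```

Because securityadmin carries the right to become SYSADMIN, an account that reports either role should be monitored as a sysadmin-equivalent login.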
What Firewall settings are required for the Install and Update Tool?
The Install and Update Tool requires both inbound and outbound ports to be open. Since Nodinite is highly configurable and environments differ, the actual ports in use may differ from the examples given here. On a high level the following services must be allowed:
- TCP Ports for REST
  - Inbound communication from consumers, typically HTTP and HTTPS
  - Outbound communication with Update Service(s); Nodinite performs internal alive checks
- Configuration Database - ports used to communicate with SQL Server
- Internet ports
1. TCP Ports for REST
Port | Name | Inbound | Outbound | TCP | UDP | Comment |
---|---|---|---|---|---|---|
80 | HTTP | | | | | default for HTTP |
443 | HTTPS | | | | | default for HTTPS |
- 1-65535 - It depends on what port you have assigned using 'Edit Bindings' for the Web Site hosting the Install and Update Tool (inbound and outbound see next bullet).
If you're going to host Nodinite on non-default ports, please contact our support for guidance at support@nodinite.com
- 8000 HTTP with X API Key (outbound)
- Update Service
2. TCP Ports between Update Service and SQL Server
The Install and Update Tool accesses the databases using the Impersonated Windows Account. You must ensure that the TCP ports used are allowed by your firewalls; depending on the location of the SQL database, the actual ports used may differ. The following Windows Services are involved:
Port | Name | Inbound | Outbound | TCP | UDP | Comment |
---|---|---|---|---|---|---|
53 | DNS | | | | | The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide |
88 | Kerberos | | | | | Review 'Microsoft Kerberos' user guide |
135 | DTC/RPC | | | | | This port is shared between many Windows Services |
1433/... | SQL Server instance ports (multiple) | | | | | Depends on policies and settings on target environment. Please review the How to configure RPC dynamic port allocation to work with firewalls user guide |
3. Internet ports
Nodinite has no "E.T. phone home" feature. However, the Nodinite Install and Update Tool has a feature to help you download newer versions. If you are in a locked-down environment with no Internet access, you can always opt to download binaries manually from https://portal.nodinite.com.
Make sure to whitelist the following addresses if you want to get help from inside the tool.
Address | Port | Purpose | Source Server |
---|---|---|---|
https://api.nodinite.com | 443 outbound | Retrieve the list of binaries and release notes | All servers with the Nodinite Update Service |
https://download.nodinite.com | 443 outbound | Download binaries | Clients using the Web tool |
Linked Server
Nodinite uses the SQL Server concept of Linked Servers. The Install and Update Tool requires these to be properly configured BEFORE installing Nodinite.
Review and follow the steps further detailed in the linked servers section.
Frequently asked questions
Additional solutions to common problems and the FAQ for the Nodinite Install and Update Tool exist in the Troubleshooting user guide.
Can I secure the Install and Update Tool?
Yes, the Install and Update Tool supports the usage of SSL Certificates. Simply add your certificate to IIS and configure the Install and Update Tool to only allow HTTPS.
Next Step
Install the Nodinite Install and Update Tool