- 9 minutes to read

Prerequisites for the Nodinite Install and Update Tool

This page describes the prerequisites to successfully install and run the Nodinite Install and Update Tool.

The Nodinite Install and Update Tool has two components that need to be installed:

  1. Install and Update Tool Web Interface hosted within IIS
  2. Update Service; a Windows Service.

Usually, these two components are installed on the same server. The Windows Installer (MSI) allows you to select which components to install during execution, more about that can be further explored in the Installing and Configuring - Install and Update Tool page.

Scenario 1: Simple setup
In the scenario below the Install and Update Tool and the Update Service are installed on the same Windows Server.

graph LR subgraph "Nodinite Web Server" roNI(fal:fa-rocket Install and Update Tool
Web Interface) -->|REST API| roUS(fal:fa-cog Update Service
Windows Service) end subgraph "SQL Server" roCDB(fal:fa-database Configuration Database) roUS --> roCDB end
Verified Topic
Software Requirements
IIS Default Web Site
Linked Server
Windows rights
Database rights

Use the checklist above to verify that you have performed all steps required for the Nodinite Install and Update tool

Software Requirements

Windows Server Windows 2022
Windows 2019
Windows 2016
Windows 2012 R2
Windows 2012. We do not recommend this version or older as it does not support .NET 5, and later
Windows 2008 R2. We do not recommended this version since it is outdated, requires additional administration and maintenance
Make sure to add it to the Domain
SQL Server Package (DACPAC) DACFramework.msi Latest sqlpackage
.NET Framework .NET Framework 4.6.2 or later New 5.4 Our recommendation is to use .NET Framework 4.8 on hosts with Nodinite components.

Versions prior to 5.4 make use of the .NET Framework 4.5 or later.

Nodinite requires DACPAC SQL Binaries used for installing and updating databases. You can (and should) install a higher version (latest) compared to your SQL Server since Microsoft provides backwards compatibility. The other way around is not supported. There is no licensing cost associated with installing and running the Microsoft DACPAC binaries.

Use the latest SSMS version to ensure you have a valid version of the required SQL Server binaries, and it's only one installer (although larger)

If you experience issues installing or updating the Nodinite databases; Then almost always, the problems is with an incompatible old version.

If you co-host Nodinite components with other applications, make sure to review the combined prerequisites to avoid problems with conflicting versions of 3rd party tools, frameworks and more.

Make sure to Domain join the Windows Server to allow business users easy access using Windows Active Directory Groups and Users.

Software Recommendation

In addition, our recommendation is that you install the following software:

SQL Server Management Studio (SSMS) Match SQL version in use, or use a higher version Latest SSMS
Notepad++ Download Makes it easy to manage configuration files

IIS Default Web Site

Your IIS must be properly configured with the following Windows Roles and Features:

The Default Web Site must exist within your IIS(!) The installer will fail otherwise and there is no supported workaround. Nodinite Core Services may be installed on other Web Sites (however not recommended)

Prerequisites for IIS Web Server

Feature Name Comment
Common HTTP Features HTTP Redirection
Static Content
Performance Features Dynamic Content Compression
Static Content Compression
Security Features Basic Authentication
Windows Authentication
Application Development .Net Extensibility 4.x
ISAPI Extensions
ISAPI Filters
WCF Features .Net Framework 4.X WCF Requirement for the Log API
This feature has been deprecated. It was available with Nodinite versions 1-5

Your client browser must support HTML 5, review the Client Browser prerequisites for additional details

Microsoft Distributed Transaction Coordinator (DTC)

The Update Service is involved in SQL Server related operations and Nodinite uses the Windows Service Microsoft Distributed Transaction Coordinator (DTC) that is responsible for coordinating transactions that span multiple resource managers. We have written a dedicated tutorial for Nodinite with our best practices for how to install and configure the DTC Windows Service.

You must configure the DTC as documented otherwise Nodinite Install and Update Tool will not be able to function

What Windows rights does the Install and Update Tool require?

The Install and Update tool has two features. These may be installed on different Windows Servers where they can run with different, and least privileges according to the details outlined next.

1. Web-based User Interface

When you install the Nodinite Install and Update Tool (executing the Windows Installer .MSI) the specified account is assigned a new IIS App Pool. This IIS App Pool is set to run with ASP.NET Impersonation and all consumers of the Install and Update Tool will be impersonated to this dedicated Windows Service account. For anyone to use the Install and Update Tool access rights must be assigned.

The Install and Update Tool uses ASP.NET Impersonation which is a feature built-into IIS and further call to APIs hosted by the Update Service are being performed as this identity.

If the impersonated service account for IIS App Pool is not a local administrator then the Windows Domain account must be added to the local 'IIS_IUSRS' group. The account used must also be assigned certain SQL Rights, see next paragraph.

2. Update Service

The Update Service is responsible for replacing files on the IIS, installing Windows Services which includes potentially remote start and stop commands. In a Windows Server environment this is a highly privileged function that only members of the local Administrators group are allowed to perform.

NOTE: The account must have Log on as Service Right AND be a local admin

Regardless where you install the Update Service, the account for the Update Service must be a local administrator on all Nodinite App- and Web-servers

Make sure to add the account running the Update Service as a registered user within the Nodinite Web Client

What SQL Rights does the Install and Update Tool require?

The Update Service is using the configured Windows Service Account during install and update operations and must have the following SQL rights assigned:

SQL Instances

Assign the following Server Roles on all SQL Server Instances hosting any of the following Nodinite databases:

  • Configuration Database

  • Log Databases

  • public

  • dbcreator

  • diskadmin

  • securityadmin (means the account has the right to become SYSADMIN) or

    • SYSADMIN - this right is the only one required if accepted by your internal policies and then you can ignore the previous roles.

Configuration Database

On the SQL Server instance with Configuration Database the account must have the following User Mapping (assigned by the installer tool during installation)

  • db_datareader
  • db_datawriter
  • db_ddladmin

Logging Databases

On the SQL Server instances with Log Databases the account must have the following User Mapping (assigned by the installer tool during installation)

  • db_datareader
  • db_datawriter
  • db_ddladmin

Note 1: db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially true for remote servers (linked servers). Read more here. Contact our support if you have any questions about this.

Note 2: If you are using SQL Server Always On please review additional steps required from the About SQL Server Always On Availability Groups user guide

Make sure Kerberos is working from Nodinite Server and BizTalk SQL Databases:

This is a very important test step and can be performed before you have installed anything else but the SQL MMC (SSMS) tool

The following SQL Query should return ‘Kerberos‘ running the SQL MMC from Nodinite Server against remote SQL Server instance

SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@spid;

If you have SQL Server installed locally then NTLM is used instead of Kerberos, which is a simpler scenario and is supported by Nodinite

What Firewall settings are required for the Install and Update Tool?

The Install and Update Tool requires both inbound and outbound ports to be opened. Since Nodinite is highly configurable, the actual ports in use may differ from what's being exampled here.

The Install and Update Tool requires both inbound and outbound ports to be open. Depending on your environment, different ports may be used. On a high level the following services must be allowed:

  1. TCP Ports for REST
    • Inbound communication from consumers typically HTTP and HTTPS
    • Outbound communication with Update Service(s) Nodinite performs internal alive checks
  2. Configuration Database - ports used to communicate with SQL Server
  3. Internet ports

1. TCP Ports for REST

Port Name Inbound Outbound TCP UDP Comment
80 HTTP default for HTTP)
443 HTTPS default for HTTPS)
  • 1-65535 - It all depends on what port you have assigned using 'Edit Bindings' for the Web Site hosting the Install and Update Tool (inbound and outbound see next bullet)

If you're going to host Nodinite on non-default ports, Please contact our support for guidance at support@nodinite.com

  • 8000 HTTP with X API Key (outbound)
    • Update Service
graph LR subgraph "Nodinite Web Server" roNI(fal:fa-rocket Install and Update Tool) -->|8000| roUS(fal:fa-cog Update Service) roWebClient(fal:fa-globe Client Browser) -->|80,443,...| roNI end

2. TCP Ports between Update Service and SQL Server

The Install and Update Tool accesses the databases using the Impersonated Windows Account. You must ensure that TCP ports used are allowed by your firewalls, depending on location of the SQL database the actual ports used may differ. The following Windows Services are involved:

Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide
88 Kerberos Review 'Microsoft Kerberos' user guide
135 DTC/RPC This port is shared between many Windows Services
1433/... SQL Server instance ports (multiple) Depends on policies and settings on target environment. Please review the How to configure RPC dynamic port allocation to work with firewalls user guide
graph LR subgraph "Nodinite App Server" roUS(fal:fa-cog Update Service) end subgraph "SQL Server" roCDB(fal:fa-database Configuration Database) roUS -->| SQL, DTC, DNS, RPC | roCDB end

3. Internet ports

Nodinite has no "E.T phone home" feature. However, the Nodinite Install and Update Tool has a feature to help you download newer versions. If you are on a locked down environment with no Internet access, You can always opt to download binaries manually from https://portal.nodinite.com.

Make sure to whitelist the following addresses if you want to get help from inside the tool.

Address Port Purpose Source Server
https://api.nodinite.com 443 outbound Retrieve the list of binaries and release notes All servers with the Nodinite Update Service
https://download.nodinite.com 443 outbound download binaries Clients using the Web tool

Linked Server

Nodinite uses the SQL Server concept of Linked Servers. The Install and Update Tool requires these, to be properly configured BEFORE installing Nodinite.

Review and follow the steps further detailed in the linked servers section

Frequently asked questions

Additional solutions to common problems and the FAQ for the Nodinite Install and Update Tool exist in the Troubleshooting user guide.

Can I secure the Install and Update Tool?

Yes, the Install and Update Tool supports the usage of SSL Certificates. Simply add your certificate to IIS and configure the Install and Update Tool to only allow https.

Next Step

Install the Nodinite Install and Update Tool