System Requirements (Workflow Manager 1.0)
Updated: October 22, 2012
This document describes the requirements for installing and configuring Workflow Manager 1.0.
The SQL Server instance that is used for various databases configured as a part of Workflow Manager must meet the following requirements.
TCP/IP, shared memory, or named pipes must be enabled.
Port 1443 on the firewall must be open to inbound and outbound communications.
If named pipes are used, the name of the machine on which the SQL Server instance is running should have a name with no more than 16 characters. Named pipes use NetBIOS names, which carry that restriction.
If TCP/IP connections are used, the SQL Browser service should be running on the SQL server.
SQL Server service should be running on the SQL server.
The following collation types are supported.
The user that is configuring Workflow Manager must meet following requirements.
If the machine is domain joined, the user must be a domain user; otherwise the user must be a local user.
The user must be an administrator on the computer on which the configuration is running.
The user must have SysAdmin privilege on this SQL Server instance, otherwise, the databases should be pre-created and the Sql logon for the RunAs Account User should be created manually, before running the configuration, on all Sql instances.
RunAs Account User
The RunAs account is provided during Workflow Manager configuration and is used as the RunAs account by the Workflow Manager services. The Workflow Manager supports the ability to have the RunAs account user as a domain user or a local user. In both cases, this user must have access to the SQL Server instances. Alternatively, SQL Server databases can be accessed using SQL Authentication.
The RunAs account user will be granted a log on as a service privilege during configuration.
If all the machines in a farm share the same service account and the security policy requires the service account password to be changed at regular intervals, you must perform specific actions on each machine in the farm to be able to continue adding and removing nodes in the farm. See the section titled Handling Service Password Changes for this procedure.
Workflow Manager does not support built-in accounts (for example, NETWORK SERVICE) as RunAs accounts.
Relationship between Environment and User Types
The following table lists the relationship between the environment and the user types.
|Environment||Logged In Account||RunAs Account||Support|
Admin group can be a local group or a domain group. If this group is local, you must ensure that the group also exists on all computers in the farm and on the SQL Server. If the group is created as a part of configuration, you will have to either log off and log on the computer, or reboot the computer for services to work properly.
Every user in this group has administrative access to the databases that are part of the farm.
General Certificate Requirements
If you select an existing certificate, you must make sure that the following conditions are met.
The certificate must have a subject name, a subject alternative name, and both the private and public key.
The certificate is also installed in the personal store of all computers in the farm or any computer that intends to join the farm.
The certificate must be valid with respect to:
The start date.
The end date.
The trust chain.
The certificate must have AT_KeyExchange set.
The certificate can be used as a server certificate.
The corresponding CRL list for the signing authority must be present.
Multi-Node Farm Certificate Requirements
If you select an existing certificate, you must make sure that the certificate is a domain certificate. A domain validated SSL is a digital certificate in which the validated identifying information of the certificate is limited to the domain name and works across any machine in the domain. For example, the subject name of the certificate has a value of *.domain.
Workflow Manager farm supports a farm of a single computer running both Workflow Manager farm and the required Service Bus farm. If you require high availability you must expand the farm to three computers. Refer to Joining an Existing Farm on how to expand farm. Two node farms cannot guarantee high availability.
During configuration, Workflow Manager will open ports that are configured by default or set explicitly by the user in the Windows Firewall. If a firewall other than Windows Firewall is used, you will have to make these exceptions manually.
During configuration, Workflow Manager prompts you to enable firewall rules