System Requirements

  • Article

 

Applies To: Service Bus for Windows Server 1.1

This document describes the requirements for installing and configuring Service Bus for Windows Server.

Administrator Account User

The user that is configuring Service Bus for Windows Server must meet following requirements.

  • If the computer is domain joined, the user must be a domain user.

  • The user must be an administrator on the computer on which the configuration is running.

  • To enable Service Bus for Windows Server configuration (using either the wizard or PowerShell) to create databases, the user must have SysAdmin privilege on the SQL Server instance. Alternatively, all the databases must be pre-created, and the user must have access on all SQL Server instances.

RunAs Account User

The RunAs account is provided during Service Bus for Windows Server configuration and is used as the RunAs account by the Service Bus for Windows Server services. Service Bus for Windows Server supports the ability to have the RunAs account user as a domain user or a local user. In both cases, this user must have access to the SQL Server instances. Alternatively, SQL Server databases can be accessed using SQL Authentication.

The RunAs account user will be granted a log on as a service privilege during configuration.

If the security policy requires the service account password to be changed at regular intervals, you must perform specific actions on each computer in the farm to be able to continue adding and removing nodes in the farm. See Handling Farm Password Changes1 for this procedure.

Note

Service Bus for Windows Server does not support built-in accounts (for example, NETWORK SERVICE) as RunAs accounts.

Relationship between Environment and User Types

The following table lists the relationship between the environment and the user types.

Environment

Logged In Account

RunAs Account

Support

Domain

Domain

Domain

Supported

Domain

Domain

Local

Not supported.

Domain

Local

Domain

Not supported.

Domain

Local

Local

Either in development environment (1-box) or by using SQL Authentication.

Workgroup

Domain

Domain

Not supported.

Workgroup

Domain

Local

Not supported.

Not possible.

Workgroup

Local

Domain

Not supported.

Not possible.

Workgroup

Local

Local

Either in development environment (1-box) or by using SQL Authentication.

Admin Group

The Admin group can be a local group or a domain group. If this group is local, you must ensure that the group also exists on all computers in the farm and on the SQL Server. If the group is created as a part of configuration, you will have to either log off and log on the computer, or reboot the computer for services to work properly.

Every user in this group has administrative access to the databases that are part of the farm.

General Certificate Requirements

If you select an existing certificate, you must make sure that the following conditions are met.

  • The certificate must have a subject name, a subject alternative name, and both the private and public key.

  • The certificate is also installed in the personal store of all computers in the farm or any computer that intends to join the farm.

  • The certificate must be valid with respect to:

    • The start date.

    • The end date.

    • The trust chain.

  • The certificate must have AT_KeyExchange set.

  • The certificate can be used as a server certificate.

  • The corresponding CRL list for the signing authority must be present.

Multi-Node Farm Certificate Requirements

If you select an existing certificate, you must make sure that the certificate is a domain certificate. A domain validated SSL is a digital certificate in which the validated identifying information of the certificate is limited to the domain name and works across any computer in the domain. For example, the subject name of the certificate has a value of *.example.com if it has to work on all computers in the domain example.com.

High Availability

If you require high availability you must expand the farm to three computers. Two-node farms are not supported.

Firewall

During configuration, Service Bus for Windows Server will open ports that are configured by default or set explicitly by the user in the Windows Firewall. If a firewall other than Windows Firewall is used, you will have to make these exceptions manually.

Note

During configuration, Service Bus for Windows Server prompts you to enable firewall rules.