Plan for worker installation
In zervicepoint terms, the "Worker" is a summary of the zervicepoint systems Client Web Service, Provisioning System and Provisioning Inventory System installed on a server in a on-premises environment.
List of prerequisites for Zervicepoint Worker
- Windows Server (2012/2016/2019)
- Service Account(s)
- DNS entry for ClientWebService
- Certificate for ClientWebService
OS requirements
- Windows Server 2012 R2 x64
- Standard or Enterprise
- Windows Server 2016 (Recommended)
- Standard or Datacenter
- Windows Server 2019
- Standard or Datacenter
Windows Features requirements
The following Windows features should be installed on the server:
This is for Server 2016/2019. Run the command below in Powershell with Administrative rights
Add-WindowsFeature -Name @( 'Net-Framework-45-Core', 'Web-Server', 'Web-Log-Libraries', 'Web-Request-Monitor', 'Web-Net-Ext45', 'Web-Windows-Auth', 'Web-Asp-Net45', 'Web-ISAPI-Ext', 'Web-ISAPI-Filter', 'Net-WCF-HTTP-Activation45', 'Web-Mgmt-Console' )
Service Accounts
You can use either a local or domain service account. We recommend using a domain service account in order to easily authenticate with Active Directory.
The service account for ClientWebService should have "read" related permissions to systems it integrates with, while the ProvisioningSystem service should have read/write.
for Client Web Service
- Local or domain account (i.e svc-zp-cws)
- Permissions
- Log on as service on the worker server
- Full control permissions to client web service data signing certificate
for Provisioning System service
- Local or domain account (i.e svc-zp-ps)
- Permissions
- Local Administrator
Network
Allow the following network traffic
Protocol | Origin | Destination | Port |
---|---|---|---|
TCP | Worker server | portal.zervicepoint.com | 443, 9900, 20000, 30000 |
TCP | Client | Worker server | 443 |
TCP | Client | portal.zervicepoint.com | 443, 20000 |
Verify that the customer clients and servers are able to access the Zervicepoint cloud environment
- The server has internet access
- The ports above has been configured
- No proxy is blocking the clients and servers from reaching Zervicepoint cloud environment
Client web service
DNS record
- A DNS host (A/AAAA) record that points to the worker server, i.e. cws.example.com
Web certificate
Client web service communication certificate (SSL/TLS certificate)
- Used by Client Web Service for encrypting communication (https)
- Should have same common name as the DNS record for the worker server. (i.e cws.example.com)
This certificate must be installed in the Local Machine personal folder on the worker server prior to the installation.
Configure Client Web Service URL
At first, your client web service URL will need to be updated in the zervicepoint administration portal.
Log in to the portal, open Administration, click edit store and then the tab Worker Authentication and add
- Client web service url
https://<cws.example.com>:443/ProviderService.svc/CallProvider
- Ensure Authentication method is assigned to Key.
- Save settings.