UNIFYNow Installation Prerequisites

Requirements

The following are the software requirements for the UNIFYNow service:

• Microsoft Windows Server (2008 R2 SP1 or later);
• Microsoft .NET 4.5.1 Framework (external download);
• Microsoft Identity Lifecycle Manager 2007, Microsoft Forefront Identity Manager 2010, Microsoft Forefront Identity Manager 2010 R2, Microsoft Identity Manager 2016;

The following are the recommended minimum hardware requirements for the UNIFYNow service:

• Approximately 20MB on the nominated server for installation of executables and documentation, with at least 15MB available for logging (configurable)

The following are the recommend minimum software requirements for accessing UNIFYNow Management Studio:

• A JavaScript-enabled modern desktop web browser (Microsoft Internet Explorer 8+², Mozilla Firefox 30+, Google Chrome™ browser, etc.)

Topology

The UNIFYNow service can be installed wherever it is deemed most appropriate. The options are limited only by the access and permissions that the service account holds, along with those required by each of the Agents. See the UNIFYNow service account section below for details on these permissions and requirements.

For environments requiring the use of the UNIFYNow Web Component, this should be installed separately from the UNIFYNow service environment. It must be able to be accessed by the users of UNIFYNow over HTTP(S) using the configured port, and be able to make web service calls on another configured port to the machine running the UNIFYNow service.

Some environments may require the UNIFYNow web address being added to the list of intranet sites, as well as about:blank.

Firewall

The firewall should be configured to allow communication between between components. The following default exceptions should be made:

Configuration

The following information will need to be retained by the administrator in order to install and maintain UNIFYNow:

• UNIFYNow service account

UNIFYNow service account

This is the Windows account the UNIFYNow service will operate. The service account must have the following:

• Log on as a service. For details see here;
• Access to write to its Logs directory. Defaults to: C:\Program Files\UNIFY Solutions\Event Broker\Services\Logs
• Ability to create the Logs file directory;
• Full update access to the Extensibility directory. Defaults to: C:\Program Files\UNIFY Solutions\Event Broker\Services\Extensibility
• Permission to create a WCF end-point (see The service will not start due to a lack of permissions to create a WCF end-point);
• Permission to write to C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files;
• Correct rights for any connected system that Windows authentication is to be used for (see Agents).
• Membership in the FIMSyncAdmins group.
• Read permission (db_datareader) to the FIMSynchronizationService database, either for the service account, or a separate SQL authentication login.

If installed on the same machine as Microsoft Identity Lifecycle Manager or Microsoft Forefront Identity Manager, the service account also requires the following:

• Read access to the local FIM WMI namespace (overview, Setting Namespace Security)

If installed on a different machine from Microsoft Identity Lifecycle Manager or Microsoft Forefront Identity Manager, the service account also requires the following:

• Rights to launch DCOM applications on the remote computer (overview)

NB. Compatibility with emulation frameworks including Mono is untested and unsupported.

1. Microsoft Forefront Identity Manager 2010 requires Microsoft Windows Server 2008 R2. Microsoft Identity Lifecycle Manager 2007 requires Microsoft Windows Server 2003 Service Pack 2. Please refer to Microsoft documentation for exact specifications.
2. Older versions of Microsoft Internet Explorer are supported with some limitations.