09 Aug 2019

HighQ Appliance connector requirements

HighQ Appliance handles connections between HighQ and your network. Check the requirements for each of the features you will use, install any necessary software packages and apply the required configuration.

This article provides an overview of requirements. As specific requirements for each installation vary, please talk to your HighQ representative for more information.

Core technical requirements

HighQ Appliance is a server component, on which all integrations are configured to connect internal systems to HighQ Collaborate or HighQ Publisher.

The HighQ Appliance will be installed on a dedicated server inside the client network.

Server specifications

  • Virtual server (VMware, Microsoft Hyper-V) or physical server
  • Processor - a minimum of two cores
  • RAM - 16 GB or more
  • Available storage (i.e. hard drive) - 120 GB (this should be the free space after the OS install and mounted as a D:\ drive named 'Data')
  • Windows 2012 R2 server 64-bit (or later)
  • .NET Framework 3.5 & 4.5 installed (critical)

Software packages

The following will be installed by a HighQ Technical Consultant:

  • SQL Express (if required for local installation)
  • Apache Tomcat
  • HighQ Appliance Core

Additional software packages for EKM

EKM installation requires additional software:

  • Second installation of Apache Tomcat
  • Java JDK
  • MS SQL command-line utilities

Connectivity

The Appliance server will require general internet connectivity during setup.

The server will also require outbound connectivity over the configured port to communicate with the Collaborate or Publisher instance.

Default Collaborate or Publisher port:

  • HTTPS - 443

Remote access

HighQ Appliance software is typically installed and configured remotely by a HighQ Technical Consultant, so dedicated remote access (VPN) to the client Appliance server is required. In some cases, a screen share is also possible.

Account privileges

The installation process uses Windows PowerShell, so an account with Local Admin privileges is required. This account must be able to set the PowerShell 'Execution Policy' to 'Bypass'. No specific PowerShell modules are required.
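
A pre-flight check for the core server requirements above, as an added example that is not HighQ's own tooling. The host name is a placeholder, and the registry values used to detect .NET are the standard Microsoft ones rather than anything from this article.

```powershell
# Added example: pre-flight check for the core Appliance server requirements.
param(
    [string]$InstanceHost = 'collaborate.example.com',  # placeholder host (assumption)
    [int]$InstancePort = 443                            # default HTTPS port from the article
)

$ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP'   # standard .NET detection keys
$os  = Get-CimInstance Win32_OperatingSystem
$vol = Get-Volume -DriveLetter D -ErrorAction SilentlyContinue
$cores = (Get-CimInstance Win32_Processor | Measure-Object NumberOfCores -Sum).Sum
# TotalPhysicalMemory reads slightly under the installed amount, so round to whole GB.
$ramGB = [math]::Round((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1GB)
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
# A policy set by Group Policy (MachinePolicy/UserPolicy scope) overrides a local 'Bypass'.
$gpo = @('MachinePolicy', 'UserPolicy' | ForEach-Object { Get-ExecutionPolicy -Scope $_ } |
    Where-Object { $_ -ne 'Undefined' })
$tcp = Test-NetConnection -ComputerName $InstanceHost -Port $InstancePort -WarningAction SilentlyContinue

$checks = [ordered]@{
    'Windows Server 2012 R2 or later, 64-bit' = ([version]$os.Version -ge [version]'6.3') -and
        ($os.ProductType -ne 1) -and [Environment]::Is64BitOperatingSystem
    'At least two processor cores'   = $cores -ge 2
    'RAM 16 GB or more'              = $ramGB -ge 16
    "D:\ named 'Data', 120 GB free"  = $vol -and $vol.FileSystemLabel -eq 'Data' -and $vol.SizeRemaining -ge 120GB
    '.NET Framework 3.5 installed'   = (Get-ItemProperty "$ndp\v3.5" -ErrorAction SilentlyContinue).Install -eq 1
    # Release 378389 is the first 4.5 build; later 4.x versions report higher values.
    '.NET Framework 4.5 or later'    = (Get-ItemProperty "$ndp\v4\Full" -ErrorAction SilentlyContinue).Release -ge 378389
    'Running as local administrator' = $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    'No Group Policy overriding the execution policy' = $gpo.Count -eq 0
    "Outbound TCP to ${InstanceHost}:$InstancePort" = [bool]$tcp.TcpTestSucceeded
}

foreach ($c in $checks.GetEnumerator()) {
    '{0}  {1}' -f $(if ($c.Value) { 'PASS' } else { 'FAIL' }), $c.Key
}
if ($checks.Values -contains $false) { exit 1 }
```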

SQL iSheets requirements

Prerequisites

  • Advanced iSheets training
  • Create an iSheet system template
  • A linked iSheet in the site, from the system template above
  • Knowledge of required SQL query used for sync

Connectivity

  • HighQ Appliance must have connectivity to SQL server over the necessary port

Account privileges

  • Service account to client SQL server

Active Directory requirements

Prerequisites

  • HighQ Appliance server (within two releases of the latest version)
  • AD Groups or OU created for the synchronisation testing process
  • If the system is to be configured to access AD over SSL, the appropriate certificates (.CER) must be provided to the local Java certificate trust store

Connectivity

The Appliance must have outbound connectivity over the configured port(s) to the Active Directory servers.

Default Active Directory port:

  • LDAP – 389

Please provide any alternative ports if Active Directory has been configured to use custom ports.

Account privileges

The connector will require a service account with full read rights to Active Directory.

Encryption Key Management (EKM) requirements

Requirements

HighQ recommends EKM be run on a load-balanced cluster as described below:

  • Two VMs, configured per the Server Specifications, in the client's DMZ and set up with a network load balancer and NLB virtual IP address. These are used as web front-ends (WFEs) for the application servers
  • Two VMs configured per the Server Specifications inside the client's network on the same subnet. Each should have two Network Interface cards (NICs), one for regular network traffic and one dedicated to multicast traffic used for Tomcat clusters
  • Access from the Application Server to client's SQL Server with mirrored databases, or Server 2012 Standard Edition on each VM for database mirroring

Connectivity

  • Inbound and outbound access to the NLB virtual IP address using port 442 (https)
  • Internet-facing IP address which can be accessed by HighQ infrastructure pointing to, or translated to, the NLB virtual IP address if different.
  • A Public DNS registration that points to the NLB virtual IP address. E.g. highqapp.yourfirm.com
  • Access over port 443 from WFEs in DMZ to Application servers behind the firewall

Typical EKM Network Diagram

Please note that Enterprise Key Management (EKM) and the Hybrid storage connector have been replaced with a BYOK solution. Please contact your HighQ representative for more information.
