Skip to content

Platform specs

Important

Sequel Security Service v3 is designed to be hosted only by Verisk's AWS Managed Service. For other hosting options, like on-premises, please contact with SuppApp Product Team.

This documentation refers to Security Services; outlines the server topology and specifies the pre-requisite software requirements to be used for the base platform of Sequel Security Service.

It covers all installation options and configuration of the operating systems and pre-requisite applications on all servers in the Sequel Security environment.

This specification requires that these servers are dedicated to the use of Sequel Security Service and are not shared with other services and do not have any additional software installed upon them.

Virtualization of elements of the production environment is an option to consolidate server utilization.

Please note that we are keen to work in conjunction with you to ensure that the infrastructure is suitable and scalable for your requirements.

It is highly recommended to be familiar with the "Security Service Installation Guide" before installing the application.

Architecture overview

Sequel Security Application Services is based in a set of four web services/sites, developed in .NET Core.

Security Service Architecture

Those services are:

Authentication

OAuth2 and OpenID Connect service; provides interactive users and service-to-service authentication.

  • Requires access to Sequel Security API Service.

Authorization

Provides endpoints for verifying the permissions assigned to users and groups.

  • Requires access to Sequel Security Authentication Service.
  • Requires access to Sequel Security API Service.
  • Requires access to an instance of RabbitMQ (consumer).

API

This Rest web API provides access to all information related to Authentication and Authorization; it's the bridge to the persistence layer.

  • Requires access to Sequel Security Authentication Service.
  • Requires access to a Microsoft SQL Server.
  • Requires access to an instance of RabbitMQ (publisher).

Administration site

Single Page Application website for managing security configuration.

  • Requires access to Sequel Security Authentication Service.
  • Requires access to Sequel Security API Service.

Optional components

LDAP Sync Service

This is a windows service required to synchronize users and roles with a Windows Active Directory.

  • Requires access to Sequel Security Authentication Service.
  • Requires access to Sequel Security API Service.
  • Requires access to an instance of RabbitMQ (consumer).
Azure AD Sync Service

This is a windows service required to synchronize users and roles with a Azure AD.

  • Requires access to Sequel Security Authentication Service.
  • Requires access to Sequel Security API Service.
  • Requires access to an instance of RabbitMQ (consumer).
Security Database Sync Service

This windows service is responsible for syncing information from security services with Sequel's applications like Origin and Claims. This component is not included in the Security installation; it is included with the Origin and Claims installation. We recommend to install it in a Origin's or Claim' backend server.

Pre-requisites

Components required to install Security Services are:

  • Database Server:
    • SQL Server 2014/2017/2019 or AWS SQL RDS
  • Application Servers, can be installed on two different ways:
  • RabbitMQ server 3.8.x (current test environments are pointed to 3.8.30)
    • Recommendation is to use the AmazonMQ RabbitMQ service

Topologies

Based on performance and security requirements, we will have different servers and topologies. The basics are described as:

  • One dedicated database server (shared with other applications)
  • One dedicated RabbitMQ server (single instance for Sequel Products)
  • One or more application servers:
  • All in one: all services in 1 server.
  • Auth & App Servers. Recommended :
    • AuthServer: Authentication and Authorization Services.
    • AppServer: Administration and Security API service. None required for public/internet access. Just need to be accessible from AuthServer and other services. If LDAP Sync Service or Azure AD Sync Service are required, this is the recommended server to install them.
  • Server per service. Each service is installed in a separate server:
    • Authentication Server
    • Authorization Server
    • AppServer (Admin UI + Security API + LDAP Sync Service + Azure AD Sync Service)
  • All in one server shared with other services. While this is not our recommendation; this is possible if the expected load of work is low.

Database Server

This is the server specification for all database servers in Sequel Security Services environments. This applies just when SQL server is hosted on a Windows Server

Database Server: Operating system

  • Microsoft Windows Server 2016 (recommended)
  • Microsoft Windows Server 2012 R2

Operating System Configuration

Configuration settings should be set to the default, except where referenced below.

  • Windows Server 2012 R2 ‘Roles’ to install
    • Application Server
    • .NET Framework 4.5
  • Regional Settings set to UK format (DD/MM/YYYY)
  • Mixed Mode Authentication enabled

Database Server: Additional software

  • Microsoft SQL Server 2014 SP2 (Supported)
    • Standard or Enterprise edition
  • Microsoft SQL Server 2017 (supported and recommended)

Database Configuration

Database must be configured to work with:

  • SQL Collation ‘SQL_Latin1_General_CP1_CI_AS
  • READ_COMMITTED_SNAPSHOT enabled.

Application Server

This section applies when services are hosted on IIS.

Application Server: Operating system

  • Microsoft Windows Server 2016 (recommended)
  • Microsoft Windows Server 2012 R2 Standard 64-bit

Operating system Configuration

Windows features (names for windows 2012 R2 version) settings should be set to the default, except where referenced below:

  • File and Storage Services
    • File and iSCSI Services
    • File Server
    • Storage Services
  • Web Server (IIS)
    • Web Server
      • Common HTTP Features
        • Default Document
        • Directory Browsing
        • HTTP Errors
        • Static Content
    • Health and Diagnostics
      • HTTP Logging
      • Request Monitor
    • Security
      • Request Filtering
      • Windows Authentication (optional - required to support SSO with Windows accounts)
    • Application Development
      • .NET Extensibility 4.6
      • ASP.NET 4.6
      • ISAPI Extensions
      • ISAPI Filters
    • WebSocket Protocol
    • Management Tools
      • IIS Management Console
  • .NET Framework 4.6 Features
    • .NET Framework 4.6
    • ASP.NET 4.6
    • WCF Services
      • TCP Port Sharing
  • Remote Differential Compression
  • SMB 1.0/CIFS File Sharing Support
  • Windows Defender Features
    • Windows Defender
    • GUI for Windows Defender
  • Windows PowerShell
    • Windows PowerShell 5.1
    • Windows PowerShell ISE
  • WoW64 Support

IIS application pool settings

Enable 32-bit Applications

Default settings of application pool works fine in most of the cases, and 32-bits is also supported. However, we recommend to use 64-bit mode (Enable 32-bit Applications set to false) for a better memory management.

Static compression

Static Content compression when enabled generates issues trying to access the application: 500 internal server errors.

Application Server: Additional Software

It is quite important to install .NET Core Hosting Bundle aligned to the .NET Core version.