System Requirements for On-Premises Deployment of GYTPOL

Introduction

This document lists the system prerequisites and requirements that must be met before installing the GYTPOL Validator product.

Audience

This User Guide is primarily intended for IT system and infrastructure teams responsible for implementing, managing, and maintaining servers and Active Directory within their organizations. It provides clear instructions and explanations suitable for technical users, ensuring that these teams can effectively utilize the software for their specific needs.

Checklist

Before proceeding with the installation of GYTPOL Validator software, it is crucial to verify that all the following requirements are met:

Operating System - GYTPOL Server:

Ensure that the operating system on the GYTPOL Server meets the specified requirements.

Server Sizing:

Determine the appropriate server sizing based on the anticipated number of devices that will interact with GYTPOL Validator.

Users and Groups:

Confirm the existence and configuration of Users and Groups in both Active Directory and the GYTPOL Server, ensuring proper synchronization.

Server Software - GYTPOL Server:

Make sure that the necessary server software components are installed and configured correctly on the GYTPOL Server.

Admin Interface:

Ensure that a web browser is available and compatible for use as the admin interface by end-users of GYTPOL Validator.

Sensor Requirements:

Verify that servers and workstations covered by GYTPOL Validator meet the required Sensor-side specifications.

DNS - Routing to GYTPOL Server:

Add any necessary DNS configurations to ensure proper routing to the GYTPOL Server, allowing seamless communication.

Ports:

Determine and open the specific ports on both the server and Sensor sides as required by GYTPOL Validator to facilitate communication and functionality.

Antivirus:

Implement measures to prevent any interference or blocking of GYTPOL Validator's proper execution by antivirus software.

 

Ensuring that all these prerequisites are met will contribute to a successful and efficient installation of GYTPOL Validator software.

Find additional help in Detailed Configuration Instructions when required.

System Architecture

Server Architecture

Server Sizing

Up to 3,000 Devices / PoC

| RAM (GB) | System Storage (GB) | CPU (# Cores) |
|---|---|---|
| 16 | 80 SSD | 8 |

Up to 10,000 Devices

| Server | RAM (GB) | Storage (GB) | CPU (# Reserved Cores) |
|---|---|---|---|
| GYTPOL | 16 | 80 SSD | 8 |
| DB | 24 | 200 SSD | 8 |

Up to 15,000 Devices

| Server | RAM (GB) | Storage (GB) | CPU (# Reserved Cores) |
|---|---|---|---|
| GYTPOL | 24 | 80 SSD | 8 |
| DB | 24 | 250 SSD | 8 |

Up to 50,000 Devices

| Server | RAM (GB) | Storage (GB) | CPU (# Reserved Cores) |
|---|---|---|---|
| GYTPOL | 32 | 150 SSD | 16 |
| DB | 64 | 450 SSD | 16 |

For customers with specific scenarios, please take note of the following:

  • Customers managing more than 50,000 devices are advised to contact support@gytpol.com for specialized sizing recommendations.

  • If you are using the Nutanix hypervisor, please contact support@gytpol.com for further guidance and support tailored to your specific setup.

Operating System and Language

  • A dedicated physical or virtual server is required, running Windows Server 2016 Standard or a later version.

  • Windows Server language settings (detailed checks are here):

    • The Windows Server operating system must be set to use the English (United States) language.

    • The Windows Server language for non-Unicode programs must be set to use the English (United States) language.

  • Customers who use a separate database server should install SQL Server 2016 Standard or a later version. For detailed instructions on configuring MS SQL, please consult Appendix 1.

Users and Groups

To create a domain user with the specified permissions and ensure the password adheres to the given criteria, follow these steps:

Create the User:

  • Open the Active Directory Users and Computers management console.

  • Navigate to the appropriate organizational unit (OU) or location where you want to create the user.

  • Right-click on the OU, select "New," and then choose "User."

  • Follow the prompts to set up the user account. You can use your own naming convention, but for the purpose of this document, let's call the user "GYTPOLSVC."

Set Password Criteria:

When setting the password for "GYTPOLSVC," make sure it does not contain any of the following characters: ', ", ~, ;, commas or spaces.

Assign Permissions (optional):

  • For a more stringent permission setup, you can create a security group within Active Directory, e.g., "GYTPOL_UI_Access".

  • Add "GYTPOLSVC" to the "GYTPOL_UI_Access" group.

  • This group will be used to access GYTPOL UI or system settings during the initial server configuration.

  • By default, all authenticated users are granted access to the GYTPOL UI, which can be modified using the Roles and Permissions screen after the initial installation process.

 

By following these steps, you will have created a domain user, set a password that adheres to your criteria, and established a security group for GYTPOL UI access, all in compliance with your requirements.
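
The same steps can be scripted. The following is an added example, not GYTPOL's own tooling; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the OU path is a placeholder to replace with your own.

```powershell
# Added example: create the service account and the optional UI access group.
Import-Module ActiveDirectory

# Assumptions: the OU path is hypothetical; the names follow this page.
$OuPath    = 'OU=ServiceAccounts,DC=example,DC=com'
$UserName  = 'GYTPOLSVC'
$GroupName = 'GYTPOL_UI_Access'

function Test-GytpolPassword {
    # Returns $true when the password avoids the characters this page forbids:
    # single quote, double quote, tilde, semicolon, comma and space.
    param([Parameter(Mandatory)][securestring]$Password)
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
    try {
        $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        return ($plain -notmatch '[''"~;, ]')
    }
    finally {
        # Wipe the plaintext copy from unmanaged memory.
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
}

# Prompt for the password so it never appears in the script or shell history.
$password = Read-Host -Prompt "Password for $UserName" -AsSecureString
if (-not (Test-GytpolPassword -Password $password)) {
    throw 'Password contains a quote, tilde, semicolon, comma or space.'
}

New-ADUser -Name $UserName -SamAccountName $UserName -Path $OuPath `
    -AccountPassword $password -Enabled $true

# Optional, stricter setup: a dedicated security group for GYTPOL UI access.
New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security -Path $OuPath
Add-ADGroupMember -Identity $GroupName -Members $UserName

# Confirm the account state and its group membership.
Get-ADUser -Identity $UserName -Properties MemberOf |
    Select-Object SamAccountName, Enabled, MemberOf
```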

Permissions

Set the permissions for the user and the group according to the table below (follow the hyperlinks for how-tos):

 

| Type | Name | Permission set |
|---|---|---|
| AD User | GytpolSvc | Domain level: Member of Domain Group “Performance Log Users”. GYTPOL Server local settings: Local admin on GYTPOL server; Logon as a service; Logon as a batch job. GPMC permissions. |

Server software and general settings

| Requirement | How to Verify |
|---|---|
| Web Browser supports Chromium | We recommend using the latest version of either MS Chromium Edge or Google Chrome browsers. However, in offline or closed environments, a minimum version of 100 is required. |
| .NET 4.7.2 installed (installed by default on Server 2019) | https://dotnet.microsoft.com/en-us/download/dotnet-framework/thank-you/net472-web-installer |
| Notepad++ installed (optional, yet strongly advised to simplify configuration management) | https://notepad-plus-plus.org/downloads/ |
| The minimum required version of PowerShell is 5.1 (installed by default on Server 2016 and later). Ensure that the PowerShell script execution policy is not set to "Restricted" in any of its categories. | How to Check PowerShell Version and Restriction Mode |
| IPv6 disabled (Optional) | How to Check if IPv6 is disabled |
| Configure Windows Firewall inbound ports - or - Turn Windows Firewall OFF (service should be up and running) | In case of using the Windows Firewall; How to check if Windows Firewall is at ‘off’ state |
| IE enhanced disabled | How to Disable Internet Explorer Enhanced Security Configuration |
| Proxy is not configured | How to Disable Proxy Settings |

After committing changes, restart the remote machine (GYTPOL server).

Admin Interface

  • You need a physical or virtual machine running at least Windows 7 SP1.

  • It is recommended to use the latest version of either MS Chromium Edge or Google Chrome browsers for optimal compatibility.

Sensor Requirements

  • Ensure that Task Scheduler is enabled for both user and computer.

  • Enable Event Viewer for both user and computer.

  • RSOP (Resultant Set of Policy) should be allowed.

  • PowerShell version requirements:

    • PowerShell 2.0 or later is required, with support for detection and auto-upgrade.

    • PowerShell 5.1 and later are preferred, as they support detection, auto-upgrade, remediation, and revert.

    • It is recommended to set PowerShell scripts to "All Signed" (or any option besides "Restricted" or "Remote Signed"), preferably via Group Policy (GPO).

    • Enable the ability for users to run PowerShell scripts.

DNS

Here are the instructions for setting up a CNAME record from a server running DNS or an IT admin computer:

Open PowerShell:

  • Press the "Start" button and type "Powershell" in the search box.

  • Click on "Windows PowerShell" to open the PowerShell console.

Access DNS Manager:

Type dnsmgmt.msc in the PowerShell console and press Enter. This command opens the DNS Manager.

Navigate to the Tree Name:

In the DNS Manager, navigate to the tree name of your organization.

Add CNAME Record:

Right-click on the tree name and select "Add CNAME Record."

Configure CNAME Record:

  • In the "Name" field, enter _gytpol.

  • In the CNAME record, click "Search" and navigate to the tree level where the GYTPOL server DNS name is listed.

  • Select the GYTPOL server's DNS name and click "OK."

Review and Confirm:

  • Review the results and configurations you have entered.

  • Click "OK" to confirm and save the CNAME record.

Testing the Record:

  • Open a command prompt by clicking "Start," typing "cmd," and double-clicking to open the Command Prompt window.

  • Type the following command: ping _gytpol

  • Ensure that the IP address returned matches the IP address of the GYTPOL server.

By following these steps, you will have successfully set up a CNAME record for "_gytpol" in your DNS, allowing it to resolve to the IP address of your GYTPOL server.

If you are not using Microsoft DNS and are using a different DNS service such as Infoblox or any other, please get in touch with us for further guidance and assistance regarding the setup of CNAME records and DNS configurations specific to your DNS service provider. We will provide you with tailored instructions and support to ensure proper integration with GYTPOL.
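
For Microsoft DNS, the record can also be created and verified from PowerShell. This is an added example, not GYTPOL's own tooling; it assumes the DnsServer module (RSAT) is available, and the zone, DNS server and GYTPOL host names are placeholders.

```powershell
# Added example: create the _gytpol CNAME and verify where it points.
# Assumptions: all three names below are hypothetical placeholders.
$Zone       = 'example.com'            # AD DNS zone of the organization
$DnsServer  = 'dc01.example.com'       # Microsoft DNS server to update
$GytpolHost = 'gytpol01.example.com'   # FQDN of the GYTPOL server
$Alias      = '_gytpol'

# Create the CNAME only if it is missing, so the script can be re-run safely.
$existing = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone `
    -Name $Alias -RRType CName -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordCName -ComputerName $DnsServer -ZoneName $Zone `
        -Name $Alias -HostNameAlias $GytpolHost
}

# Resolve the alias and the server name separately and compare the addresses,
# which is the comparison the ping test asks you to make by eye.
$aliasIps = Resolve-DnsName -Name "$Alias.$Zone" -Type A -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress
$serverIps = Resolve-DnsName -Name $GytpolHost -Type A -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress

if (-not $serverIps) {
    Write-Warning "$GytpolHost has no A record; fix that before adding the alias."
}
elseif (-not $aliasIps) {
    Write-Warning "$Alias.$Zone does not resolve yet (replication or cache delay)."
}
elseif (Compare-Object $aliasIps $serverIps) {
    Write-Warning "$Alias.$Zone resolves to $($aliasIps -join ', '), expected $($serverIps -join ', ')."
}
else {
    Write-Output "$Alias.$Zone -> $GytpolHost ($($aliasIps -join ', '))"
}
```

A mismatch warning usually means the alias points at a stale or different host, so Sensors would report to the wrong server.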

Ports

| From | To | Port number | Purpose |
|---|---|---|---|
| All devices and OS | GYTPOL App Server | 9093 | HTTPS |
| All devices and OS | GYTPOL App Server | 9090 (Windows7 only) | HTTP (Data is compressed and encrypted) |
| All Computers (in case GYTPOL cloud service connection is desired for external devices and Remote Employees) | GYTPOL Cloud Service, EMEA & Asia: https://<customer-tenant>.execute-api.eu-central-1.amazonaws.com/prod and https://gytpol-re-<customer-tenant>-tasks.s3.eu-central-1.amazonaws.com | 443 | HTTPS |
| All Computers (in case GYTPOL cloud service connection is desired for external devices and Remote Employees) | GYTPOL Cloud Service, Americas: https://<customer-tenant>.execute-api.us-east-2.amazonaws.com/prod and https://gytpol-re-<customer-tenant>-tasks.s3.us-east-2.amazonaws.com | 443 | HTTPS |
| GYTPOL App Server | GYTPOL DB server (required for deployments over 3,000 devices) | 1433, 1434 | SQL queries |
| GYTPOL App Server | DC’s | 389, 9389, 636, 135, 138-139, 445, 464, 53, 3268, 3269 + Dynamic ports (49152-65535) | GP PS queries + GP modeling queries |
| GYTPOL App Server | GYTPOL Cloud Service, EMEA & Asia: https://<customer-tenant>.execute-api.eu-central-1.amazonaws.com/prod and https://gytpol-re-<customer-tenant>-tasks.s3.eu-central-1.amazonaws.com | 443 | HTTPS (in case GYTPOL cloud service connection is desired for external devices and Remote Employees) |
| GYTPOL App Server | GYTPOL Cloud Service, Americas: https://<customer-tenant>.execute-api.us-east-2.amazonaws.com/prod and https://gytpol-re-<customer-tenant>-tasks.s3.us-east-2.amazonaws.com | 443 | HTTPS (in case GYTPOL cloud service connection is desired for external devices and Remote Employees) |
| IT Admin Computers | GYTPOL App Server | 3389 | RDP |
| IT Admin Computers | GYTPOL App Server | 9093 | UI – HTTPS |
| Local ports on GYTPOL server should be free and not used. | | 5000, 8080, 8082, 8083, 9090, 9093, 9370 | Ports needed for GYTPOL to run properly. |

The specific customer tenant URL that requires whitelisting is specified in the appsettings.json file, which will be provided after the Sensor is generated.
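
The server-side requirements from the software table and the local port list above can be checked in one pass before installation. This is an added example, not GYTPOL's own tooling; the function name is hypothetical, and the port check is only meaningful before GYTPOL is installed, since GYTPOL itself will hold those ports afterwards.

```powershell
# Added example: pre-installation check, run locally on the intended GYTPOL server.
# Each check emits one object with a Pass flag and a detail string.
function Test-GytpolServerPrereq {
    # .NET Framework 4.7.2 or later reports a Release value of 461808 or higher.
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Release
    [pscustomobject]@{ Check = '.NET Framework 4.7.2 or later'
                       Pass = ($release -ge 461808); Detail = "Release=$release" }

    # Windows PowerShell 5.1 or later.
    $ps = $PSVersionTable.PSVersion
    [pscustomobject]@{ Check = 'PowerShell 5.1 or later'
                       Pass = ($ps -ge [version]'5.1'); Detail = "$ps" }

    # No execution-policy scope may be set to Restricted.
    $restricted = @(Get-ExecutionPolicy -List |
        Where-Object { $_.ExecutionPolicy -eq 'Restricted' })
    [pscustomobject]@{ Check = 'Execution policy not Restricted'
                       Pass = ($restricted.Count -eq 0)
                       Detail = ($restricted.Scope -join ', ') }

    # Culture and system locale must both be en-US.
    $culture = (Get-Culture).Name
    $locale  = (Get-WinSystemLocale).Name
    [pscustomobject]@{ Check = 'Language is en-US'
                       Pass = ($culture -eq 'en-US' -and $locale -eq 'en-US')
                       Detail = "Culture=$culture SystemLocale=$locale" }

    # The ports GYTPOL binds to must not already have a listener.
    $needed = 5000, 8080, 8082, 8083, 9090, 9093, 9370
    $busy = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in $needed } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            '{0} ({1})' -f $_.LocalPort, $proc.ProcessName
        } | Sort-Object -Unique)
    [pscustomobject]@{ Check = 'GYTPOL local ports are free'
                       Pass = ($busy.Count -eq 0); Detail = ($busy -join ', ') }
}

Test-GytpolServerPrereq | Format-Table -AutoSize -Wrap
```

For a failed port check, the Detail column names the port and the process that owns the listener.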

Antivirus

Exclude the following directory for GYTPOL App server only:

<GYTPOLSERVER> \ (Gytpol installation drive – i.e. ‘C’ or ‘D’ drive) \ Gytpol

Detailed Configuration Instructions

Windows Server language settings

To verify whether the server language is configured as English (United States), run the following commands in PowerShell:

Get-Culture

The expected outcome is 'en-US'.

Get-WinSystemLocale

The expected outcome is 'en-US'.

If you need to modify the locale settings, you can do so through the Control Panel's language settings:

Open Control Panel:

Click the bottom-left Start button to open the Start Menu, type “control panel” in the search box and select Control Panel in the results.

Change View by Category:

If your Control Panel is not already in Category view, change it to Category view by selecting "Category" from the "View by" drop-down menu in the top-right corner of the Control Panel window.

Click on "Clock and Region":

In the Control Panel, click on the "Clock and Region" option.

Click on "Region":

Within the "Clock and Region" section, click on the "Region" link.

Change Formats Tab:

In the "Region" dialog box, go to the "Formats" tab.

Click "Additional settings...":

In the "Formats" tab, you'll see a button labeled "Additional settings..."; click on it.

Change the Current system locale:

A new window titled "Customize Format" will open. In the "Numbers" tab, you will find a section labeled "Current system locale." Here, you can select the desired system locale from the drop-down menu. Choose "English (United States)" if that's what you want.

Apply Changes:

After selecting the desired system locale, click the "OK" button in the "Customize Format" window.

Apply and Restart:

Back in the "Region" dialog box, click "Apply" and then confirm any prompts that appear.

Restart Your Computer:

To fully apply the changes, you will need to restart your server.

After following these steps, your server's locale settings should be updated to the selected locale, in this case, "English (United States)."

Important note: When installing on the latest Server 2022 builds, please ensure that the Beta checkbox is not selected.


How to check if Windows Firewall is at ‘off’ state

To configure the Windows Firewall settings on the GYTPOL server, follow these steps:

Open Command Prompt as Administrator:

  • Click on "Start," type "cmd," and right-click on "Command Prompt."

  • Select "Run as Administrator" to open Command Prompt with administrative privileges.

Access Windows Firewall Settings:

In the Command Prompt, type firewall.cpl and press Enter.

Disable Firewall Components:

  • Ensure that the following components are set to "Off" (indicated by a red X):

    • Domain networks

    • Private networks

    • Guest or public networks

If Any Component is Set to "On" (Green):

  • Click on "Turn Windows Firewall on or off."

  • Set all tabs to "Off" and confirm the changes.

Access Services:

In the Command Prompt, type services.msc and press Enter.

Check Windows Firewall Service:

  • In the Services window, locate the service named "Windows Firewall."

  • Ensure that the service is set to "Automatic" and is running.


If the Service is Stopped and Startup Type is Disabled:

  • Double-click on the "Windows Firewall" service.

  • Change the Startup type to "Automatic."

  • Click on the "Start" button to start the service and wait for it to start.

  • After it has started, click "OK."

If Unable to Change Service:

Check the Group Policy settings to ensure that the Windows Firewall service is not disabled.

By following these steps, you will configure the Windows Firewall settings on the GYTPOL server to meet the specified requirements.

In case of using the Windows Firewall

To configure the Windows Firewall settings for GYTPOL on the server, please follow these detailed steps:

Open Command Prompt as Administrator:

  • Click on the "Start" menu, type "cmd" in the search bar.

  • Right-click on "Command Prompt" in the search results.

  • Select "Run as Administrator" to open Command Prompt with administrative privileges.

Access Windows Firewall Settings:

In the Command Prompt window, type firewall.cpl and press Enter.

Access Advanced Settings:

In the "Windows Firewall" window that appears, click on "Advanced settings." This will open "Windows Firewall with Advanced Security."

Create an Inbound Rule:

In the "Windows Firewall with Advanced Security" window, locate and select "Inbound Rules" in the left pane.

Add a New Rule:

Right-click on "Inbound Rules" and choose "New Rule."

Configure Rule Type:

In the "New Inbound Rule Wizard," select "Port" and click "Next."

Specify Protocol and Ports:

  • Choose "TCP" as the protocol type.

  • In the "Specific local ports" field, enter "9090,9093" to specify the required ports.

  • Click "Next."

Action:

Select "Allow the connection" and click "Next."

Profiles:

  • Ensure that "Domain" and "Private" profiles are selected.

  • Click "Next."

Name the Rule:

  • Provide a relevant name for the rule, such as "GYTPOL Port Access."

  • Optionally, you can add a description for reference.

  • Click "Finish" to create the rule.
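
The inbound rule from the wizard steps above, together with the firewall service check from the previous section, can be applied and verified from an elevated PowerShell session. This is an added example, not GYTPOL's own tooling; the rule name is the one suggested on this page, and MpsSvc is the service name behind "Windows Firewall" (shown as "Windows Defender Firewall" on newer builds).

```powershell
# Added example: create the GYTPOL inbound rule and show what is in effect.
$RuleName = 'GYTPOL Port Access'
$Ports    = 9090, 9093

# The Windows Firewall service must stay running in either setup.
$svc = Get-Service -Name MpsSvc
if ($svc.Status -ne 'Running' -or $svc.StartType -ne 'Automatic') {
    Write-Warning "MpsSvc is $($svc.Status) / $($svc.StartType); expected Running / Automatic."
}

# Create the rule once; re-running the script leaves an existing rule untouched.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $Ports -Action Allow -Profile Domain, Private |
        Out-Null
}

# Read the rule back: state, action, profiles and ports as the firewall sees them.
Get-NetFirewallRule -DisplayName $RuleName | ForEach-Object {
    $filter = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Enabled   = $_.Enabled
        Action    = $_.Action
        Profile   = $_.Profile
        Protocol  = $filter.Protocol
        LocalPort = $filter.LocalPort -join ','
    }
}

# Per-profile firewall state, to confirm which profiles are actually on.
Get-NetFirewallProfile | Select-Object Name, Enabled
```

If Group Policy manages the firewall, a locally created rule may be ignored; check the effective policy when the rule exists but traffic on 9090 or 9093 is still blocked.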