.NET Core Hosting Bundle for IIS
Both Orchestrator and Orchestration Manager were developed using .NET Core. This allows both applications to be deployed as ‘Self-Contained’, meaning that they do not have to rely on a specific version of the .NET Core run-time in order to work. This is beneficial when updating the applications, as it means the infrastructure hosting them does not need to be updated (that is, newer versions of .NET framework do not need to be installed). A minimal version of the run-time is deployed with each application.
In the initial setup, IIS needs the ASP.NET Core Module installed in order to host the two applications.
If the server does not have an internet connection, the Microsoft Visual C++ Redistributable will need to be installed before the Hosting Bundle can be installed. Go to the Microsoft website to download the redistributable.
To install the .NET Core Hosting Bundle, go to the Windows Hosting Bundle Installer, which automatically begins the download process.
Once the install has completed, either restart the system or execute net stop was /y followed by net start w3svc from a command prompt. Restarting IIS picks up a change to the system PATH made by the installer.
Configuring the Application Pools
Orchestrator must communicate with an organization's Active Directory to look up information about the user who triggered an alarm. This information, such as email, Skype username, and so on, is only required for contacting the user. For this reason, the Orchestrator application requires Read access to the organization's Active Directory. To achieve this, the Orchestrator's application pool must be run as a user with this level of access, such as the domain controller. Note that this is the minimum permission required.
To create the Application Pool for the Orchestrator, do the following:
Open IIS, and select Application Pools > Add Application Pool.
In the window that opens, ensure that the details match the following:
Once the application pool is created, right-click on it, and select Advanced Settings. In the window that opens, scroll to the setting Identity and select the ellipsis.
Select Custom Account > Set.
Next, enter the credentials of the privileged user that you want Orchestrator to be run as. Ensure that this user has Active Directory Read access.
Select OK to progress through each dialog.
The Orchestration Manager needs permission to start and stop the Orchestrator Site on IIS.
It will not stop IIS itself, so no other sites on the same IIS instance will be affected.
To allow the Orchestration Manager this permission, you must give NETWORK SERVICE permission to Read the file %windir%\System32\inetsrv\Config\redirection.config as follows:
Right-click on the file and select Properties, then the Security tab, and Edit.
In the window that opens, select Add.
In the next window, enter NETWORK SERVICE into the text area and select Check Names.
Select OK, and when you return to the next window, ensure that NETWORK SERVICE has Read permission enabled.
Select Apply > OK to complete the process.
In the Add Application Pool window, select OK to create the Application Pool setup.
In the Advanced Settings for the Application Pool, ensure the Identity property is set to NETWORK SERVICE.
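The permission and identity steps above, scripted in PowerShell as an added example (not part of the original guide or the product's own tooling). It grants NETWORK SERVICE Read on redirection.config only if missing, warns if that account can write to the file, and checks each pool's identity type. The pool names Orchestrator and OrchestrationManager are assumptions; the custom account for the Orchestrator pool is still entered as described in the steps.

```powershell
#Requires -RunAsAdministrator
# Added example, written for Windows PowerShell 5.1 with the IIS WebAdministration module.
Import-Module WebAdministration

$OrchestratorPool = 'Orchestrator'           # assumed pool name
$ManagerPool      = 'OrchestrationManager'   # assumed pool name
$ConfigFile = Join-Path $env:windir 'System32\inetsrv\Config\redirection.config'

# NETWORK SERVICE by well-known SID, so the script also works on localized Windows.
$sid       = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-20')
$sidType   = [System.Security.Principal.SecurityIdentifier]
$readMask  = [int][System.Security.AccessControl.FileSystemRights]::Read
$writeMask = [int][System.Security.AccessControl.FileSystemRights]::Write

function Get-NetworkServiceRules {
    # Explicit and inherited rules on the file that name NETWORK SERVICE.
    (Get-Acl -Path $ConfigFile).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq $sid.Value }
}

# Add an Allow/Read rule only when one is not already in place.
$hasRead = Get-NetworkServiceRules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ([int]$_.FileSystemRights -band $readMask) -eq $readMask
}
if (-not $hasRead) {
    $acl  = Get-Acl -Path $ConfigFile
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new($sid, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $ConfigFile -AclObject $acl
}

# The grant is meant to be read-only: warn if any rule lets NETWORK SERVICE write.
Get-NetworkServiceRules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and ([int]$_.FileSystemRights -band $writeMask) -ne 0
} | ForEach-Object { Write-Warning "NETWORK SERVICE can write to ${ConfigFile}: $($_.FileSystemRights)" }

# Confirm each pool runs under the identity type the steps above configure.
$expected = @{ $OrchestratorPool = 'SpecificUser'; $ManagerPool = 'NetworkService' }
foreach ($pool in $expected.Keys) {
    $pm = Get-ItemProperty "IIS:\AppPools\$pool" -Name processModel
    if ("$($pm.identityType)" -ne $expected[$pool]) {
        Write-Warning "$pool runs as $($pm.identityType), expected $($expected[$pool])"
    }
    [pscustomobject]@{ Pool = $pool; IdentityType = "$($pm.identityType)"; UserName = $pm.userName }
}
```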