Pre-Installation Checklist for Multi-Server Installation

of the Apprenda Platform

Last updated for Apprenda 5.5.5/5.0.6

Prior to beginning your Apprenda Platform installation, make sure that you have fulfilled these

requirements and filled in the information relevant to your Platform configuration. This checklist is

intended to give you an at-a-glance assessment of installation prerequisites; additional information for

fulfilling these requirements has been provided in the Preparing for the Apprenda Platform section below.

Windows Checklist Complete this checklist before installation of your Apprenda environment.

Infrastructure Requirements

.NET 4.5 installed on every Windows machine

Windows Firewall disabled for all profiles (it can be enabled after install if required)

Confirm that all servers can resolve each other by host name (not just FQDN)

Confirm WMI access for every server that will be running Apprenda services

o WMI access can be confirmed by running the following command: get-wmiobject

win32_operatingsystem -comp <computername>

If a DMZ is to be set for the Load Managers, the machines should be inside the network for

Apprenda installation and then moved out

Configure the Platform Repository Network Share and requisite folders

Configure the IIS Configuration Share (if installing multiple Load Managers)

Confirm that File Sharing is allowed across Firewall zones (if applicable)

If using a hardware Load Balancer, confirm that incoming traffic is allowed on ports 80 and 443;

traffic incoming on port 80 may be redirected to 443

Software Requirements

Server Roles are properly installed and configured from Server Administration snap-in

o Web Server role for machines that will be hosting websites

Configure MSDTC for every SQL Server Nodes

Anti-Virus software is disabled/configured not to interfere with Apprenda

UAC is disabled (For Apprenda installations earlier than version 5.0.5)

All servers are time-synced

Any HTTP proxies have been removed or disabled from all servers and the machine from which

the Installer will be run. This includes any proxies for the user under which the Installer will be run,

as well as any accounts under which Apprenda services may run (including the Apprenda Admin

account, Apprenda System account, IIS Shared Configuration account, Local Service, and Local

System); confirm that no Group Policies are in place that will recreate or re-enable such proxies.

2

Active Directory and Network Requirements

User account under which the Apprenda Installer will be run (this may be the Apprenda Admin or

System user account) created in Active Directory and granted the following:

o Username: __________________________________

o Password: __________________________________

o Local admin rights on all Windows machines where Apprenda services will run

o Read/write access to the Apprenda Repository Shares

o Read/write access to the IIS Configuration Share (if installing on multiple Load Managers)

Apprenda Admin user account created in Active Directory

o Username: __________________________________

o Password: __________________________________

o Read/write access to the Apprenda Repository Shares

Apprenda System user account created in Active Directory

o Username: __________________________________

o Password: __________________________________

Admin and System accounts have “Log on as a service” and “Allow log on locally” rights

System account has “Impersonate a client after authentication” rights

IIS Shared Configuration user account created in Active Directory for accessing the IIS

Configuration Share (if using multiple Load Managers) and granted the following:

o Username: __________________________________

o Password: __________________________________

o Local admin on all Load Manager nodes

o “Log on as a service” rights on all Load Manager nodes (if using multiple Load Managers)

o Read/write access to the IIS Configuration Share (if using multiple Load Managers)

o In Windows Server 2012 and later, if UAC is enabled this user may need explicit

permissions to access the C:\Windows\System32\inetsrv directory

Apprenda SQL Server account created in SQL Server and given sysadmin and serveradmin roles

o Username: __________________________________

o Password: __________________________________

o The password should be set to not expire (if possible)

o The account must permit remote access to the SQL Server instance(s)

URL for your Apprenda environment (provide one entry per cloud if installing on multiple clouds)

o cloudURL: ___________________________________

Path-based URL host (subdomain) for your Apprenda environment, which is configurable in the

Installer (the default value is “apps”)

o Path-based URL host: ___________________________________

A DNS entry for the cloudURL value(s) noted above

DNS entries (for the cloud URL value(s) provided above) for one of the following:

o Wildcard subdomain (*.cloudURL)

OR

3

o The path-based URL host followed by the cloudURL (subdomain.cloudURL) AND “www”

followed by the cloudURL (www.cloudURL)

Email Account that will be used for the Apprenda Platform (you can use Apprenda’s free email

provider if you prefer)

o Address: ________________________

o Password: ________________________

o Server: ________________________

o Port: _________________________

SSL and Signing Certificates

SSL certificate(s) generated by the Apprenda Installer will be used OR an SSL certificate with one

of the following certificate subjects has been provided for each cloud:

o Wildcard subdomain (*.cloudurl)

OR

o The path-based URL host followed by the cloudURL (subdomain.cloudURL)

Signing certificate generated by the Apprenda Installer will be used OR a certificate has been

provided that can be used for signing claims.

If WS-Federation will be used for an External User Store or enabled on a per-Organization account basis:

A server or web farm with Active Directory Federation Services (AD FS) that Apprenda can

manage as a relying party security token service with the appropriate DNS entry in place. Please

see the Setup Procedures for AD FS Node section below for additional requirements.

o Apprenda managed AD FS Host: ____________________________________________________________

o Apprenda managed AD FS federation endpoint: ____________________________________________

Linux Checklist Complete this checklist if your Apprenda environment will include at least one Linux node for Java Web

Application hosting.

‘Root’ Account Access Requirements (Platform version 5.0.x)

‘Root’ account has identical password on each node

o Password: __________________________________

‘Root’ account has the ability to create local accounts; alternately, a local account named

‘apprenda’ can be created on each node.

Install User Account Access Requirements (Platform version 5.5.x)

Account that you plan to use for installing Apprenda on Linux nodes is created identically on each

node

o Name: _____________________________________

o Password: __________________________________

o (If not using the ‘Root’ account) Elevation method (SU or SUDO): ______________

4

If you plan to allow Apprenda to auto-create a default workload account for Java workloads,

ensure that the ‘Root’ account has the ability to create local accounts; if not, the local account you

plan to use as a default workload account must be created identically on all Linux nodes

o Account: ____________________________________

Infrastructure Requirements

Iptables is disabled (and set not to restart on reboot) or configured to not block Apprenda’s ARR

service.

All servers are time-synced

Apprenda Platform Repository mount directories are created

o “System” mount point: ____________________________________________________________________

o “Application” mount point: ________________________________________________________________

Software Requirements

‘Libcgroup’ library is installed.

‘Cgconfig’ service is started and set to restart on reboot.

Any HTTP proxies have been removed or disabled from all servers

If you intend to use JBoss for Apprenda’s Java container (the Platform defaults to Tomcat), JBoss 6

is installed to the same install path on each Linux server

o Install path: _________________________________________________________________________________

Oracle Checklist Complete this checklist if your Apprenda environment will include at least one Oracle RDBMS Installation.

Administrator Account Requirements

Database Administrator account is created on all Oracle nodes and has been granted the

appropriate permissions.

o Username: __________________________________

o Password: ___________________________________

Software Requirements

DATA_PUMP_DIR directory object is mapped to an OS path with adequate storage to

accommodate schema patching

5

Preparing for the Apprenda Platform This document provides instructions on how to set up an environment for the Apprenda Platform.

Minimum Hardware Requirements (Windows and Linux) Apprenda relies on distributing application jobs throughout a grid of networked computers. This creates a

scenario where there are no onerous requirements on any specific server, so long as the network as a

whole can satisfy demand.

For a given Windows host, Apprenda requires:

2 Cores

2 GB RAM required, 4GB recommended

40 GB Hard Drive

Network Interface

For a given Linux host, Apprenda requires:

2 Cores

2 GB RAM required, plus 0.5 GB RAM for every individual Java Web Application workload the

node will host

40 GB Hard Drive

Network Interface

Apprenda may not behave correctly on computers that do not meet these minimum requirements. Note

that this is a minimum configuration and is not intended for production environments.

In order for the Platform to function correctly, Apprenda requires that all machines be able to resolve each

other by host name (and not just by FQDN).

Additionally, certain software should be turned off or must be configured in a manner to not interfere

with Apprenda:

Power management

Automatic update services

Any potential time skews among nodes should be eradicated by insuring that all nodes are time

synced (NTP is recommended for this)

Password expiration (for the Apprenda accounts)

Only for Apprenda installations earlier than version 5.0.5: for Windows servers, user account

security (UAC) should be off for every machine. For Windows Server 2012/R2, this will also require

changing the EnableLUA value (typically located at

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System) in the

registry to “0”. Make sure to restart the server after disabling UAC\updating the registry value.

Firewall software (e.g. Windows Firewall, iptables)

Anti-virus software (e.g., Symantec Anti-Virus, for which live monitoring of the file system

interferes with key Platform functions). If disabling Anti-Virus software is not a viable option for

security reasons, it must be configured (in some cases via Group Policy) to have an exception for

the root Apprenda folder (the location of this folder is configurable in the Installer; the default

location is C:\ApprendaPlatform) on each node.

6

Primary Domain Controller Setup (Windows) As noted in the Active Directory and Network Requirements section of the checklist above, Apprenda

requires a number of network-level security accounts as determined by the specific configuration of your

installation (all configurations require what are called the “Apprenda System” and “Apprenda

Administrator” accounts). The specific permissions that each account requires are listed in the checklist.

Notably, the user under which the Apprenda Installer is run must be part of the Administrators group (i.e.,

have local admin rights) on all Windows servers that are provisioned for use by Apprenda, as various

portions of Apprenda operations require the ability to modify the system registry, copy & delete files, and

run Windows Services. Using Active Directory to establish an authentication mechanism for these

accounts ensures that effective permissions are consistent across all Apprenda nodes. Please refer to

Microsoft documentation for configuring Active Directory and DNS servers. Note: the Apprenda Platform

cannot be installed on a Domain Controller.

Setup Procedures for Cache Nodes and Platform Coordination Nodes

Software Prerequisites

Microsoft Windows Server 2008/R2 or 2012/R2, Microsoft Windows 7 or 8 Home Premium,

Professional or Enterprise (64-bit required in each case)

.NET Framework 4.5

Cache Nodes only: MS Visual C++ Redistributable Packages for Visual Studio 2013 (if not found

on designated cache nodes, the Installer will offer a repair option that will attempt to install this)

Account Setup

For all machines, the Apprenda System account and Apprenda Administrator account should be granted

“Log on as a service” and “Allow log on locally” rights.

Setup Procedures for Windows Web Servers and/or Load Managers

Software Prerequisites

Microsoft Windows Server 2008/R2 or 2012/R2, Microsoft Windows 7 or 8 Home Premium,

Professional or Enterprise (64-bit required in each case)

.NET Framework 4.5

IIS 7 or above; IIS request filtering must allow DELETE, GET, POST, and PUT requests

iisnode (available in your installation package at Installer\IISModules\iisnode-full-v0.2.11-x64.msi

or at https://github.com/tjanczuk/iisnode)

ARR (Load Managers only)

Roles Setup

Web Server role needs to be installed with the following services turned on: ASP.NET and ASP.

7

Account Setup

For all machines, the Apprenda System account and Apprenda Administrator account should be granted

“Log on as a service” and “Allow log on locally” rights. The Apprenda System account must also have

“Impersonate a client after authentication” rights. Additional account setup (as described below) are

required if installing using a shared IIS configuration.

Shared IIS Configuration Share Setup

Installing multiple Load Manager nodes requires the use of a shared IIS configuration housed in a network

share. This share is a folder that must be set up manually prior to running the Installer, and to which a

designated network account is granted full control. The Apprenda Installer will create the actual shared

configuration automatically, so only the share itself should be created prior to installation. Any existing

shared configuration should be disabled in IIS prior to running the Apprenda Installer (as it will cause the

IIS Configuration step to fail). For IIS 8 and later, the Web Server Role may require the Web

Server>Security>Centralized SSL Certificate Support option in order for to successfully set up Shared

Configuration.

Because the Load Manager service will run as the IIS Shared Configuration account, the IIS Shared

Configuration account must be part of the Administrators group (i.e., have local admin rights) and have

“Log on as a service” rights on all Load Manager nodes (local admin rights are necessary to update URL

rewrite rules). This account must also have read/write access to the IIS Configuration Share (and may also

require explicit permissions to access the C:\Windows\System32\inetsrv directory on Load Manager

nodes) when UAC is enabled. The user under which the Apprenda Installer is run must also have

read/write access to the IIS Configuration Share.

Application Request Routing (ARR) Installation

Load Managers require ARR and its dependencies. For Load Managers running Windows Server 2008/R2,

the Apprenda Installer will install and configure the appropriate version of ARR and its dependencies. For

Windows Server 2012/R2, ARR version 2.5 or higher (and its dependencies) must be installed manually.

The optimal method of installing ARR is through the MS Web Platform Installer, which will install and

configure your selected version of ARR and its dependencies in the appropriate order and with the

requisite IIS service restart. If this is not a viable install solution, alternate installation instructions can be

found at http://blogs.iis.net/erez/archive/2013/11/27/installing-arr-manually-without-webpi.aspx

Setup Procedures for Windows Application Servers

Software Prerequisites

Microsoft Windows Server 2008/R2 or 2012/R2, Microsoft Windows 7 or 8 Home Premium,

Professional or Enterprise (64-bit required in each case)

.NET Framework 4.5

SMO 2012 on Application servers designated as Storage Controlling Services hosts

8

Account Setup

For all machines, the Apprenda System account and Apprenda Administrator account should be granted

“Log on as a service” and “Allow log on locally” rights. The Apprenda System account must also have

“Impersonate a client after authentication” rights.

SMO Setup for Storage Controlling Services Hosts

It is necessary that at least one Windows Application Server per cloud host Apprenda’s Storage

Controlling Services, which interfaces with SQL Server and Oracle to configure guest application storage.

These servers are required to have SQL Server Management Objects (SMO) 2012 installed. At installation,

the Platform will mark any Windows Application Servers with SMO installed as capable of hosting the

Storage Controlling Services and will deploy this component to those servers. If no suitable host is found,

it will install the required SMO version on a single Application Server. In order to control which

Application Servers are designated as Storage Controlling Services Hosts on multi-node Platform

configurations, we recommend installing a supported version of SMO (version 11.0 or higher) on

Application servers that you would like to designate as Storage Controlling Services hosts prior to running

the Apprenda Installer. As needed, after installation additional Application servers can be configured as

Storage Controlling Services hosts by installing SMO on the servers and then designating them as such in

the System Operation Center (SOC).

Setup Procedures for Windows AD FS Nodes Note: AD FS nodes will also act as Windows Application Servers, as they host the Apprenda Federation

WCF service. As needed they may also be configured to act as Storage Controlling Service hosts per the

instructions above.

Software Prerequisites

Microsoft Windows Server 2008/R2 or 2012 Professional or Enterprise (64-bit required in each

case) Please note: Windows Server 2012 R2 cannot be used, as it supports only AD FS 3.0 (which

is not supported for this version of the Apprenda Platform)

.NET Framework 4.5

Supported version of AD FS

o AD FS 2.0 (available at http://www.microsoft.com/en-us/download/details.aspx?id=10909)

o AD FS 2.1 (available as a role in Windows Server 2012)

IIS 7 or above

Account Setup

For all machines, the Apprenda System account and Apprenda Administrator account should be granted

“Log on as a service” and “Allow log on locally” rights. The Apprenda System account must also have

“Impersonate a client after authentication” rights.

AD FS Setup

Please contact your Client Services representative for additional setup instructions. Additional accounts

and setup will be required if using an AD FS web farm.

9

Setup Procedures for Linux Servers

Software Prerequisites

CentOS 6, Red Hat Enterprise Linux 6.

‘Root’ Account Access (Platform version 5.0.x)

So that the Apprenda Platform can access each Linux node with one given set of credentials, ensure that

the ‘Root’ account for each node has an identical password. The ‘Root’ account will also need permission

to create users, as an account named ‘apprenda’ will be created as the run-as account for java workloads.

Alternately, the ‘apprenda’ local account can be created manually on all nodes. After installation a

different account can be specified via the Hosting.Linux.DefaultLinuxContainerWorkloadUserAccount

setting in the Configuration>Platform Registry page in the System Operation Center.

Install User Account Access (Platform version 5.5.x)

So that the Apprenda Platform can access each Linux node with one given set of credentials, ensure that

the account you plan to use as the Install User account is created on each node and has an identical

password and elevation method (SU or SUDO). If you plan to use the ‘Root’ account, simply ensure that

the account has an identical password on all nodes. Also, during installation you will need to choose a

local account to be used as the Default Workload Account for running Java Web App workloads; if you

plan on setting Automatic Workload Account Creation to “Enabed” during installation, then Apprenda will

auto-create the account for you on all nodes at install time. In that case, you need to ensure that the

‘Root’ account has the ability to create local accounts. If you plan to set Automatic Workload Account

Creation to “Disabled,” however, you will need to manually create a local account identically on all Linux

nodes that will be used as the Default Workload Account.

Platform Repository Mounts

Use method of choice for mounting the Apprenda Platform Repository (cifs-utils is a tested method):

Create two different directories on each Linux node to use as mount points for Platform

Repository share folders; the names and locations of the directories must be identical across all

Linux nodes that will be part of your environment. You will need to enter the directory paths you

have set for the “System” and “Application” directories during Platform installation.

Mount these Platform Repository shares, respectively, to the “System” and “Application” mount

points that were created in the previous step (assuming that the Platform Repository has been

automatically configured by the Apprenda Installer):

o //{platformRepoHost}/apprenda

o //{platformRepoHost}/applications

Ensure that the shares will be re-mounted in case of server restart/reboot; one method is

described here:

o http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-nfs-config-autofs.html

10

Libcgroup Library Installation

Install the ‘libcgroup’ library. For installation of necessary libraries on a CentOS node, CentOS’s ‘yum’

package management system is recommended. Example terminal command:

yum install libcgroup

Firewall Management

Any operating firewalls, such as ‘iptables,’ will likely interfere with the Platform’s Application Request

Routing service when contacting the node. Either configure these firewalls to allow access to the ARR

service (contact Apprenda Client Services for specific details), or ensure that the firewalls are disabled. For

example, run these terminal commands to prevent ‘iptables’ from starting on reboot, and then to turn it

off:

chkconfig iptables off

service iptables stop

Cgconfig Service Management

Start the ‘cgconfig’ service and set it to start on reboot:

service cgconfig start

chkconfig cgconfig on

JBoss Installation (optional)

By default, Apprenda installs and uses Tomcat as the Java container host for deployed Java Web

Applications on Linux servers. If you intend to use JBoss instead, ensure that JBoss 6 is installed to an

identical install path on each Linux server. Some post-installation configuration of the Apprenda Platform

is necessary to enable JBoss deployment of Java Web Application workloads.

Setup Procedures for SQL Server Nodes (Windows) SQL Server should be installed using the planned instance name, and be configured to permit direct

database logins (mixed-mode authentication is acceptable).

Software Prerequisites

Microsoft Windows Server 2008/R2 or 2012/R2, Microsoft Windows 7 or 8 Home Premium,

Professional or Enterprise

One of these (with the SQL Server Browser Service enabled):

o SQL Server 2005 Standard edition or higher

o SQL Server 2008 Express edition or higher

o SQL Server 2008 R2 Express edition or higher

o SQL Server 2012 Express edition or higher

MSDTC Configuration

MSDTC must be configured manually for any machines hosting SQL Server instances that do not also host

Apprenda services. MSDTC can be configured as follows (steps should be repeated for each machine

hosting a SQL instance):

11

1. Run "dcomcnfg" from a command prompt; this will open a Component Services configuration

window

2. Expand “Component Services” > “Computers” > “My Computer” > “Distributed Transaction

Coordinator” > “Local DTC”.

3. Right click on "Local DTC" and select “Properties”.

4. Click on the “Security” tab.

5. Check the following options, then click "OK:

a. Network DTC Access

b. Allow Remote Clients

c. Allow Inbound

d. Allow Outbound

e. No Authentication Required

f. Enable XA Transactions

g. Enable SNA LU 6.2 Transactions (if available)

Database Server Connectivity

This section leads you through configuration of SQL Server for usage by Apprenda.

Configuring Server Logins

Create the account that is intended for use by Apprenda. This account should have these roles:

sysadmin

serveradmin

Allowing Remote Server Connections

Configure the database server to allow remote server connections. In SQL Server Management Studio,

follow these steps:

1. Right-click on the database server in Object Explorer after connecting and choose Properties.

2. Choose the Connections page.

3. Check Allow remote connections to this server.

It may be necessary to adjust the network configuration to permit TCP/IP connections. Using SQL Server

Configuration Manager:

1. Locate SQL Server 2005 (2008/2012) Network Configuration -> Protocols (for your database

instance).

2. Ensure TCP/IP is set to Enabled.

3. Restart the SQL Server Service if this setting was changed.

12

Setup Procedures for Oracle RDBMS (Windows and Linux)

Software Prerequisites

No specific OS is required for an Oracle RDBMS installation; Red Hat Enterprise Linux 6 and

Windows 7 have been tested successfully.

Oracle Database 11g

o Oracle RAC is not supported in Apprenda 5.0

o The Oracle directory object ‘DATA_PUMP_DIR’ must be mapped to an OS path with

sufficient space to accommodate backups of any hosted guest application schemas that

may undergo patching at any one time. DATA_PUMP_DIR is created by default when

Oracle 11g is installed on Windows or Unix; if the directory object does not exist, it must

be created manually.

Administrator Account Setup (Platform Version 5.0.5 and higher)

1. Locate the admin.sql script in the Binaries>Oracle folder of your installation package (if running

the Express Installer, this folder will appear in a temp>Apprenda folder on your primary drive

once the Apprenda.Express executable has been launched).

2. Copy the script locally and make the following alterations as needed:

a. Replace all instances of the placeholder “&APPRENDA_ADMIN_USER” with the user name

you wish to use.

b. If the user needs to be created, replace the placeholder “password” with the password

you wish to use, and uncomment the first line by removing the “--“.

3. Run the updated script against each Oracle node to create the user (if needed) and configure

administrator permissions.

Administrator Account Setup (Platform Version 5.0.4 and earlier)

As the admin.sql script describe above will not be available in the installation package for versions 5.0.4

and earlier, the following steps must be performed:

1. Run the following script on each Oracle node to create the database administrator account,

replacing “APPRENDAADMIN” with the name you wish to use and “PASSWORD” with the

password you wish to use:

CREATE USER APPRENDAADMIN IDENTIFIED BY PASSWORD ACCOUNT UNLOCK ;

/

GRANT DBA TO APPRENDAADMIN; / ALTER USER APPRENDAADMIN DEFAULT ROLE DBA; /

2. Run the Apprenda Installer and be sure to specify the account created in step 1 as the

administrator account for all Oracle nodes. Validation will fail because the Oracle administrator

account does not have the appropriate permissions. The Installer will prompt you to configure

permissions with a script displayed in the Installer. 3. Copy the displayed script locally and modify it to apply to the administrator account you created

in step 1. 4. Run the updated script against each Oracle node to configure administrator permissions.

13

Setup Procedures for the Platform Repository Network Share The Apprenda Platform requires a network share location which will serve as the repository for all Platform

and guest application binaries. It can be located on one of the Windows Application servers on the

Platform, which can be configure by the Apprenda Installer, or on a network share (ideally located on a

SAN or NAS), which must be configured manually.

Account Setup

The Apprenda Administrator Account and the account under which the Installer will be run have read/

write access.

Automatic Configuration (using the Apprenda Installer)

If one of the Windows Application servers specified in the Installer is chosen for the Platform Repository,

during validation the Installer will attempt to create the necessary folder and shares on the specified

server. The Installer will create a folder called “Partitions” on the drive specified for Platform content, and

will create three separate shares within this folder:

Applications

Apprenda

SAC

If for some reason the user account under which the Apprenda Installer will be running does not have

enough permissions to create the folder and shares, follow the Manual Configuration Steps.

Manual Configuration

If you need to manually configure the share location, create the following three folders and make sure

that the Apprenda Administrator Account and the account under which the Installer will be run have

read/write access:

Applications

Apprenda

SAC

The folders may be created as three folders within a single share or as three separate shares accessible

through the same base path. Due to character path limits in Windows, the base path to these folders must

contain no more than 50 characters.

Additional Configuration for Extensibility Services

Once installation is complete, the Extensibility Services application—which is necessary for both Add-On

and Bootstrap Policy functionality—runs by default under the Apprenda System Account (which, as

indicated above, requires read and write access to all the Platform shares). For security reasons, it is

possible to configure services to run under more limited user accounts. In most cases, these accounts do

not require access to the Platform shares; however, in order for Platform Add-On creation to function

properly, the user account under which the Extensibility Services runs must have read access to the

AddOns folder created during installation within the Apprenda share. If the Apprenda Extensibility

Service is configured to run under a user account that does not have full access to the Platform shares,

read-only share and security access to the folder for the account under which this service will run should

be configured after Platform installation is complete. In addition, the user account must be granted

“Impersonate a client after authentication” rights in order for Bootstrap Policy functionality to work.