Prerequisites and Privileges for Installing and Administrating
Symantec ICA

prerequisites and privileges for
Symantec ICA
installation and administration. It contains the following topics:
The
Symantec ICA
installer can be run before installation to check the prerequisites on the servers.

Disk Space Requirements for
Symantec ICA

The
Symantec ICA
application server stores the web application files, which require a minimum of 1 GB of disk space.
Microsoft SQL Server component requires approximately 20% the size of the total processed data. For example, if one target database is 350 GB and a second target database is 900 GB, then allocate 250 GB of space for
Symantec ICA
use on the SQL Server Analysis Services instance. The percentage is specific to the deployment environment, and actual disk space requirements vary by environment. The minimum amount of required disk space is 200 GB.
The physical components of
Symantec ICA
are an application server, and a database server with the analysis services.
Symantec ICA
can be installed on one server or multiple servers. Best practice is to use at least two servers for the production environment. The physical components are as follows:
  • Web and application server hosts the
    Symantec ICA
    application pool and the
    Symantec ICA
    web site. The physical server has Microsoft Internet Information Service (Microsoft IIS) web server.
  • Database server has the
    Symantec ICA
    database, database utilities, and analysis services with the
    Symantec ICA
    cube, measures, and so on. The physical server has Microsoft SQL Server Database Engine, and Microsoft SQL Server Analysis Services (Microsoft SSAS) installed on it.
    Microsoft SQL Server Database Engine and Microsoft SSAS can be installed on the same server or separate servers. If Microsoft SQL Server and Microsoft SSAS are installed on the same server, then allocate 50% of the memory to Microsoft SQL Server and 50% to Microsoft SSAS. The setting is available on the Memory Settings properties of the Microsoft SQL Server.
The rest of this chapter describes the requirements for the application server and the database server.
See Also:
Microsoft documentation for information about optimizing the TEMPDB database and data files, and instant file initialization

Production and Development Sizing Recommendations for
Symantec ICA

The sizing recommendations for
Symantec ICA
depend on the use of the server, such as production or development, and the server architecture. The following tables list the recommended sizes for the different uses and architectures.

Sizing for Three Server Architectures

The following table lists the recommended sizes for the production environment in a three-server architecture.
Three-server Architecture for Production Environment Sizing
Server
CPU Cores
Memory
Ethernet
Database Storage in GB
TEMPDB Storage in GB
Microsoft SQL Server
16
64 GB
2 x 1GigE
512 GB
512 GB
Microsoft SSAS
16
64 GB
2 x 1GigE
512 GB for database and file system
Not applicable
Web and Application
8
32 GB
2 x 1GigE
64 GB for file system
Not applicable
The following table lists the recommended sizes for the development environment in a three-server architecture.
Sizing for Three Server Development Environment
Server
CPU Cores
Memory
Ethernet
Database Storage in GB
TEMPDB Storage in GB
Microsoft SQL Server
16
64 GB
1 x 1GigE
512 GB
512 GB
Microsoft SSAS
16
64 GB
1 x 1GigE
512 GB for database and file system
Not applicable
Web and Application
8
32 GB
1 x 1GigE
64 GB for file system
Not applicable
The following table lists the recommended sizes for the production environment in a two-server architecture.
Sizing for Two Server Architectures
Server
CPU Cores
Memory
Ethernet
Database Storage in GB
TEMPDB Storage in GB
Microsoft SQL Server and Microsoft SSAS
16
128 GB
2 x 1GigE
512 GB to 1 TB
512 GB to 1 TB
Web and Application
8
32 GB
2 x 1GigE
64 GB for file system
Not applicable
The following table lists the recommended sizes for the test environment in a two-server architecture.
Sizing for Two Server Test Environment
Server
CPU Cores
Memory
Ethernet
Database Storage in GB
TEMPDB Storage in GB
Microsoft SQL Server and Microsoft SSAS
16
128 GB
1 x 1GigE
512 GB to 1 TB
512 GB to 1 TB
Web and Application
8
32 GB
1 x 1GigE
64 GB for file system
Not applicable
The following table lists the recommended sizes for the development environment in a two-server architecture.
Sizing for Two Server Development Environment
Server
CPU Cores
Memory
Ethernet
Database Storage in GB
TEMPDB Storage in GB
Microsoft SQL Server and Microsoft SSAS
16
96 GB
1 x 1GigE
256 GB
256 GB
Web and Application
4
32 GB
1 x 1GigE
64 GB for file system
Not applicable

Server Requirements for
Symantec ICA

Symantec ICA
needs certain requirements on the servers. The following sections list the software and other requirements needed:
Best practice is to set server power options to High Performance. Power options are available in the Control Panel under Power Options Advanced Settings.

Microsoft SQL Server Requirements for the Web and Application Server Hosting
Symantec ICA

The following table lists the Microsoft SQL Server requirement for the application server hosting
Symantec ICA
. This is server has web and application services. The required software allows the application server to communicate with the database server.
Requirements for Application Server Hosting
Symantec ICA
Software
Requirement
Microsoft .Net framework
Microsoft .Net framework 4.7.1 must be installed on the database server and the application server.

Microsoft IIS Server Requirements for the Web and Application Server Hosting
Symantec ICA

The following table lists the requirements for the Microsoft IIS server hosting
Symantec ICA
:
Microsoft IIS Server Requirements for Server Hosting
Software or Role
Requirement
Web Server (Microsoft IIS) role
Enabled on the target Microsoft Windows Server 2012 SP1 host. When adding the Web Server (Microsoft Internet Information Services (Microsoft IIS)) role for the first time, install the following role services:
Web Server (IIS) under Windows Server Web Server Role (Microsoft IIS):
  • Common HTTP Features
    • Default Document
    • Directory Browsing
  • Health and Diagnostics
    • HTTP Logging
  • Performance
    • Static Content
    • Static Content Compression
  • Security
    • Windows Authentication
      Ensure that Extended Protection is set to Off.
  • Application Development
    • .NET Extensibility 4.5
    • ASP.NET 4.5
    • ISAPI Extensions
    • ISAPI Filters
Web Server (Microsoft IIS) features
Enabled on the target Microsoft Windows Server 2012 SP1 host. When adding the Web Server (Microsoft IIS) role for the first time, install the following role features:
.NET Framework 3.5 Features:
  • .NET Framework 3.5
.NET Framework 4.5 Features:
  • .NET Framework 4.5
  • ASP.NET 4.5
  • WCF Services
    • HTTP Activation
    • TCP Port Sharing
If the Microsoft IIS server does not have all the required features, then it is necessary to install and enable the features before installing
Symantec ICA
. Refer to the following Microsoft Deployment Imaging Servicing Management (DISM) document for information about installing the features

Microsoft SQL Server Requirements for Hosting the
Symantec ICA
Database

Symantec ICA
requires the following infrastructure on the database server that host
Symantec ICA
:
Best practice recommends installation of Microsoft SQL Server Management Studio for managing Microsoft SQL Server.
Microsoft SQL Server Requirements for the
Symantec ICA
Database Server
Software
Requirement
Microsoft SQL Server
One instance of Microsoft SQL Server 2016 Enterprise Edition with cumulative update (CU) SP1 CU5 or later cumulative updates with the SQL Server Agent
If your server has less than 16 cores, then you must use Microsoft SQL Server 2016 SP2 CU14 or later, and set CoordinatorSafeJobUnblocking to 0 in the
msmdsrv.ini
file.
According to Microsoft, the CoordinatorSafeJobUnblocking option controls deep recursion. When the option is set to 0, then deep recursion is ignored. However, it can mitigate reported halted connection throttling jobs during processing which are observed for machines with less than 16 cores.
Microsoft Windows Server
Microsoft Windows Server 2012 R2 or later
Microsoft SQL Analysis Services
One instance of Microsoft SQL Server Analysis Services 2016 Enterprise Edition SP1 CU 5 or later cumulative updates
Microsoft SQL Server Developer Edition can be used for non-production environments of
Symantec ICA

Microsoft SQL Server Analysis Services Settings for
Symantec ICA

Best practices recommend the following Microsoft SQL Server Analysis Services (Microsoft SSAS) settings. The settings are in General Settings properties on Microsoft SSAS.
Microsoft SQL Server Analysis Services Settings
Setting
Recommendation
Server Mode
Multidimensional and Data Mining Mode
ExternalCommandTimeout
360000
ExternalConnectionTimeout
360000
Log\Flight Recorder\ Enabled
False
Memory\TotalMemoryLimit
  • In a shared environment with Microsoft SQL Server and Microsoft SSAS on same server: 45
    This should be set in conjunction with setting the SQL Server Relational Engine memory configuration to 50% of available server memory.
  • In shared environment with Microsoft SSAS is on a standalone server: 75
ServerTimeout
360000
See Also: Microsoft Analysis Services Query Performance Top 10 Best Practices at

TCP Port Requirements for
Symantec ICA

Symantec ICA
utilizes a Microsoft IIS website that uses several TCP ports to communicate with the
Symantec ICA
. If the host is equipped with an endpoint firewall, then the ports must be open for inbound and outbound traffic.
TCP Ports Used with
Symantec ICA
Usage
Default Port
Configurable
HTTP port
80
Yes
HTTPS port
443
Yes
SQL Server
1433
Yes
Analysis Server
2382
Yes
Analysis Server
2383
Yes

Required Installation Privileges and Credentials

The following table lists the necessary privileges required when installing
Symantec ICA
.
Required Installation Privileges
Environment
Privilege
Can be removed (Yes/No)
Windows Server
Administrator
No
SQL Server
sysadmin
Yes (conditional)
Requires sysadmin or dbcreator because a system level query is performed during installation or upgrade to determine available databases. The sysadmin privilege can be removed after installation or upgrade, but db_owner is still required.
SQL Analysis Server
Administrator1
No

Account Credentials for
Symantec ICA
Installation

The following account credentials are needed during installation of
Symantec ICA
:
  • The Microsoft SQL Server Analysis Services (Microsoft SSAS) impersonation account credentials: The impersonation account is the Microsoft SSAS account that has permission to access Microsoft SQL Server data. The account must have administrator rights on Analysis Services.
  • The
    Symantec ICA
    Service account credentials: The
    Symantec ICA
    server service account is the account that brokers communication between the Microsoft Windows server hosting
    Symantec ICA
    application and web services, and the SQL Server hosting the
    Symantec ICA
    database.
    If the account used for installation is not the service account, then ensure the account has Windows Server administrator privilege, SQL Server sysadmin privilege, and the SQL Analysis Server administrator privilege

Symantec ICA
Server Installation Privileges for the Application Server Hosting
Symantec ICA

Microsoft Windows requires administrator privileges to complete the
Symantec ICA
installation.
Symantec ICA
server setup must also be run with administrator privileges. It is recommended that the prerequisite software and
Symantec ICA
Server software be installed using the
Symantec ICA
server service account.
The following table lists the necessary privileges required for the service account.
Service Account Privilege
Environment
Privilege
Can be removed (Yes/No)
Windows Server
Administrator
No
SQL Server
Not applicable
Not applicable

Symantec ICA
Server Installation Wizard Privileges for Database Server Hosting
Symantec ICA

The
Symantec ICA
server installation wizard requires Microsoft Windows administrator privileges to run successfully. The administrator can connect to an existing database or create a database. When connecting to an existing database, the SQL system administrator (sysadmin) privilege is required. This privilege is required because a system level query is performed to determine available databases for installation.
When creating a new database, the SQL dbcreator privilege is required. The privilege can be removed after installation, but the db_owner user must remain for the database. Alternatively, the administrator can select to create a new database, and then enter the name of an existing database in the dialog box to connect to it. Connecting to an existing database using this method removes the need for the SQL sysadmin privilege. The db_owner is still required for the database.
The following table lists the necessary privileges required for using the setup wizard.
Server Setup Wizard Privileges
Environment
Privilege
Can be removed (Yes/No)
Windows Server
Administrator
No
SQL Server
sysadmin, or dbcreator
No
Microsoft IIS configuration takes place during the
Symantec ICA
server setup, and requires Windows administrator privilege.
Performing
Symantec ICA
administrative activities usually require administrator privileges on the database server hosting
Symantec ICA
. To reduce the likelihood of permission-related errors, best practice is to disable User Account Control (UAC) on the
Symantec ICA
host machine during installation and configuration of
Symantec ICA
.
For more information about UAC, refer to

Required Steady State Privileges

The following table lists the necessary privileges required when administering
Symantec ICA
after installation:
Required Administration Privileges
Environment
Privilege
Can be removed (Yes/No)
Windows Server
Administrator
No
SQL Server
sysadmin
Yes2
SQL Analysis Server
Administrator
No

Symantec ICA
Server Service Account and Steady State Usage Accounts

The
Symantec ICA
server service account brokers communication between the Microsoft Windows server hosting
Symantec ICA
and the SQL Server hosting the
Symantec ICA
database. The
Symantec ICA
server service account user must be a member of the local administrator’s group on the Windows Server hosting
Symantec ICA
, and must have the SQL db_owner privilege for the database being used by
Symantec ICA
.
The following table lists the necessary privileges required for the service account, and for steady state usage accounts on the database server hosting
Symantec ICA
:
Service and Steady State Usage Accounts
Environment
Privilege
Can be removed (Yes/No)
Windows Server
Administrator
No
SQL Server
db_owner of the
Symantec ICA
database
No
SQL Analysis Server
Administrator
No
1 This account is also referred to as the impersonation account.
2 If sysadmin is removed, then the user permissions for the administrator must be modified. Refer to Permission Settings to Run Symantec ICA for procedure to modify permissions.