Hosted Application Servers
Service Center is resource-intensive. This means application servers should be dedicated to Service Center web applications and Windows Services. Sharing an application server with other applications results in contention for resources, particularly memory and disk throughput, which can significantly impact the performance of all applications on the server.
Hosted Application Server Capacity Guidance
|8 GB of RAM, 4 vCPU|
|16 GB of RAM, 8 vCPU|
|32 GB of RAM, 8 vCPU|
For maximum performance, the following hardware configurations are also recommended:
- •A paging file that is equal to at least the total amount of RAM, which is recommended for stability.
- •Application servers should be scaled up to a maximum of 32 GB of RAM before adding more application servers. This maximum is recommended due to the overhead for hosting the infrastructure code that launches and houses the VSC application domains, and because it is more efficient to have fewer scaled-up servers. Additionally, having fewer servers reduces the time to upgrade Barracuda Managed Workplace. However, if an application server has 32 GB of RAM and more RAM is needed, it is recommended to add a server. This ensures the server stays within the Windows Standard Edition memory limits, and spreads the load across multiple servers.
- •If you create virtual application servers, ensure that memory ballooning is not enabled.
- •If you are using more than on application server, you must set up HTTP/HTTPS load balancing with sticky sessions configured.
- •A Gigabit Ethernet LAN connection is required for connections between application servers, SQL Server, and the SQL Report Server.
- • It is not recommended to have more than 7 application servers; if more are needed, you should create another environment.
Server Center Worker Processes Management
The following worker process configurations are recommended:
- To avoid memory fragmentation, ensure that Service Center worker processes do not exceed 2.5 GB of RAM. When a Service Center worker process surpasses this limit, to minimize the number of VARs impacted by issues or performance problems, you can move the VARs to another worker process or create a new worker process.
- As a general rule, the number of worker process per server should not exceed twice the number of logical CPUs. For example, if a server has 4 logical CPUs, there should be a maximum of 8 worker processes.
SQL Server Configuration
To ensure maximum database performance, ensure that you have a dedicated SQL Server, which is defined as a system with Service Center and SQL Server installed. Do not install Windows Services and other web applications. Additionally, it is recommended that set the Max Degree of Parallelism (DOP) to 1.
Performing periodic DBCC CHECKDB operations on SCData database is not advised, as it can result in a large number of databases, and can swell database size. However, it is recommend that you run DBCC CHECKDB against the MW SCMaster database, as this is a Barracuda Managed Workplace system database that stored minimal amounts of data.
For scalability reasons, the SQL Reporting Server component must be installed on a different server from the SQL Server Database Engine. This is recommended primarily to off load CPU and memory usage from the SQL Server.
Service Center is resource-intensive. This means production systems should be dedicated to Barracuda Managed Workplace. Sharing a server with other applications results in contention for resources, particularly memory and disk throughput, which can significantly impact the performance of all applications on the server.
Memory and disk space requirements listed in this section must be dedicated to Service Center, so additional resources are required for the server operating system and any other roles performed.
- For easier scaling as you grow your usage of Barracuda Managed Workplace, it is recommended that you implement a two-server deployment.
- To reduce the possibility of data loss, store database backups on another
- system or device in addition to the SQL server.
- It is not recommended to install Service Center on Exchange servers or Hyper-V hosts, as these systems are typically extremely busy, and an installation could result in resource contention.
- Additionally, it is not recommended that you install Service Center on domain controllers, which can pose a security risk.
|Network Load Balancing|
Network Load Balancer
With the implementation of multiple Application Servers, load balancing is required to balance incoming requests across all Application Servers.
Load-balancing is driven by a unique virtual IP address that is typically associated with a specific URL. The hardware servers that will be hosting the content for the virtual IP address or URL will be configured in a server farm associated with the virtual IP address.
There are a number of predictor algorithms that handle the load-balancing. The following two methods can be easily deployed:
- Round Robin is a static load-balancing predictor in which servers receive connections on a strictly rotating basis, ignoring server weight. After a server receives a connection, it moves to the bottom of the connection queue.
- Least Connections is a dynamic load-balancing predictor in which network traffic patterns are considered. The load-balancer determines which server has the fewest connections and then forwards the incoming service request to it.
In order to function as expected the load balancer must be configured to use the persistence method source-address affinity (also known as sticky sessions). Using this method means the load balancer creates a record in memory noting to which server the requests were made for each originating IP address. All future requests from the same originating IP address will be forwarded to the same application server. A timeout may be specified so that these records are not kept forever.
Caution: If you have installed Service Center as new websites rather than virtual directories, you will need to either provision a NLB capable of having security certificates installed on it directly, or purchase the more expensive wild card certificates, which authenticate all sub-Domains for a Domain.
The Hosted Service Center database server require the following:
- Minimum hardware requirements as listed in the table below:
All the software listed in this section has passed performance testing with Barracuda Managed Workplace 2013. While it may be possible to install on other flavors of Windows or other required applications, it is not recommended because support may be limited for any products not explicitly listed.
The following installer is required:
- Windows Installer 4.5
Barracuda Managed Workplace will install natively for either 32- or 64-bit versions of the server operating system. When installing on a 64-bit operating system, all required software components must be installed in 64-bit mode. The following operating systems are supported:
- Microsoft Windows Server 2016 (Standard and Datacenter)
- Microsoft Windows Server 2012 R2 (Essentials, Standard, Datacenter
- Microsoft Windows Server 2012 (Essentials, Standard, Datacenter)
- Windows Server 2008 R2 (Web, Standard, Enterprise, Datacenter)
The following application frameworks are required:
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 4.6.0 or higher (4.6.1 or higher is recommended)
The following web servers are supported:
- Microsoft Internet Information Services 7.5, 8, and 8.5
Several versions of Microsoft SQL Server are supported, but the recommended version is Microsoft SQL Server 2016. Microsoft SQL Server 2016 provides functionality not available with other versions. For more information, see https://blogs.msdn.microsoft.com/sqlreleaseservices/sql-server-2016-service-pack-1-sp1-released/.
The following database servers are supported:
- Microsoft SQL 2016 (Recommended)
- Microsoft SQL 2014
- Microsoft SQL Server 2012 with Reporting Services (Standard or Enterprise)
- Microsoft SQL Server 2008 SP1 or R2 with Reporting Services (Enterprise Edition) with
- Microsoft SQL Server 2008 Management Objects
- Microsoft SQL Server 2008 Native Client
- Microsoft .Net 3.5 SP1
Important: Virtualization of SQL Server with Barracuda Managed Workplace is not supported because of performance concerns for CPU and disk performance. Barracuda Managed Workplace heavily relies on SQL Server for data loading, reporting, and high speed transactions, therefore it is recommended that you do not virtualize the SQL Server to ensure that the system is responsive, performs well, and to reduce complexity in deployment and troubleshooting. Data Centers typically encourage real hardware except where databases serve light applications such as blogs.
Important: For performance and management reasons, the Service Center databases should be housed in its own database instance on a dedicated system.
Barracuda Managed Workplace will work with any SMTP server. Authentication and port options are configurable.
- Microsoft Internet Explorer 10 and 11
- Google Chrome current version
- Mozilla Firefox current version
- Safari (Mac OS and iOS - partial)
The following lists the networking requirements for Service Center:
80 TCP inbound Access to the VARAdmin, SCMessaging and SC websites over HTTP.
80 TCP outbound Access to the license server and WSUS meta data server.
443 TCP inbound Access to the VARAdmin, SCMessaging and SC websites over HTTPS.
2195 TCP outbound Access to Apple web service (gateway.push.apple.com) for mobile device management feature.
2196 TCP outbound Access to Apple web service (feedback.push.apple.com) for mobile device management feature.
Firewall exceptions for the SCMonitor.exe and SCworker.exe applications must be made on each application server to allow for communications on all TCP ports where the source IP Addresses are those of the other application servers.
Required External Sites for Barracuda Managed Workplace
The following table outlines the external sites that must be allowed by security products for Barracuda Managed Workplaceto function properly.
Note: In addition to these sites, the URL where Service Center is installed must be accessible for communication between Onsite Manager, Device Managers, and managed devices.
Links to various product pages
Warranty lookup service
Patch metadata, wuident.cab
Windows self update URL
Update Center components, initial patch metadata, Service Center online help
Whats My IP service
License service, telemetry service, Service Center locator
Update center metadata
PRC Viewer and Server
Used by setup to download required components (prerequisites)
Used to connect to Microsoft patch management
Used in the bits-client log
Required External Sites for Avast Business Antivirus Pro Plus
If you’re using Avast Business Antivirus Pro Plus, the following external sites must be allowed by security products:
Required External Sites for Service Modules
If you’re using a service module, consult the documentation for the integrated program for any external sites that are required for communication.
SQL Server Hardware and Operating System Configuration
Note: Several versions of Microsoft SQL Server are supported, but the recommended version is Microsoft SQL Server 2016.
The information in this section is intended for advanced users or users with Database Administrator experience.If you are using a dedicated SQL server (that is separate from the system where Service Center will be installed), it is recommended that:
- other database applications are not using the SQL instance or system;
- you do not install other SQL instances on the same machine.
Additionally, you should ensure the following:
- Because SQL Server relies heavily on RAM for efficiency, it is recommended to provide as much RAM as possible.
- At a minimum, use a gigabit Ethernet LAN connection between the SQL Server and the application server and SQL Report server.
- The Windows Page file should be enabled, located on a storage system that is separate from the SQL data and transaction volumes, and explicitly set to at least the same size as the system’s physical memory.
- To maximize performance and reduce potential configuration complexities, install SQL server on a physical machine and not in a virtual environment. An example of a performance issue that can occur is if you are running on hardware-based NUMA and the virtualization technology is not configured properly.
- RAID 10 is recommended for all data volumes to maximize performance and minimize downtime. In particular, it is not recommended to use RAID 5 for transaction logs. For example, if there is a hard drive failure and you have to rebuild the array, you might be prevented from doing so due to reduced performance and incomplete parity data or data damage. Additionally, Barracuda Managed Workplace is a write-intensive application, and RAID 5 is less efficient at performing writes.
- For large deployments, it is recommended to have an Active/Passive SQL Failover Cluster to minimize outages should hardware issues occur.
SQL Server Configuration
The following SQL Server configuration settings are recommended:
- Use the Simple Recovery model for the databases, which includes changing the system model database to SIMPLE. Set the model database data file to 2 GB, the model log file to 2 GB, and set the growth in increments of 1 GB for both data and log files.
- Pre-allocate the TempDB data files and TempDB transaction log file to at least 2 GB.
- System with high speed IO and multiple CPUs may benefit from multiple TempDB data files. For more information, see Microsoft’s guidelines for multiple TempDB files.
Note: Do not exceed a ratio of 1:4 or 1:2 TempDB data files to CPUs. Typically, 1 file is used. If multiple data files are required you should set them to identical file sizes. It is not advised to exceed 8 files.
- When setting the maximum memory that SQL Server can use, leave at least 2 to 10 GB of RAM for the operating system.
SQL Server Operational Maintenance
Barracuda Managed Workplace has a built-in database maintenance feature that includes all the necessary procedures to ensure the database is optimized and cleans up the old data which includes index maintenance and defragmentation, statistics updating, and data cleanup based on retention settings. You are not required to configure maintenance plans in SQL Management Studio or to implement your own maintenance for the MW SQL databases.
Additionally, do not shrink database data files unless there is critically low space situation. Shrinking data files causes high index fragmentation, requires a lot of CPU and IO, and generates a lot of transaction log activity.
SQL Server Back Ups
When backing up SQL databases, use either native SQL Server backups, which are configurable through SQL Management Studio using maintenance plans, or use a third party back up solution that interacts with the SQL database engine, causing a checkpoint. Back up technologies that freeze or lock the database files from SQL Server are not supported.
The following database backup practices are recommended:
- File system snapshots cause IO stalls, therefore it is not recommended that file system snapshots be used. IO stalls can cause user latency in Service Center, and can cause expected internal operations run by Service Center to encounter an unexpected error if it times out, which could leave the application in a degraded state.
- For quick recovery, store a copy of the SQL database backups locally on the SQL server. It is also recommended to store copies of the SQL database backups on another storage device (such as another computer or an external hard drive) that is separate from the SQL server’s main storage. This ensures that backup files can be recovered if there is a hardware failure on the SQL Server.
- It is not recommended that you back up the databases by making copies of the MDF or LDF files.
- Run back ups outside of business hours.
If you are using IIS SMTP, you should have a cleanup routine to delete "badmail" email files from the file system, which can accumulate if Barracuda Managed Workplace alert emails are configured to be sent to invalid email addresses.
By default, new installs of Managed Workplace use TLS 1.2.
Enabling TLS 1.2 requires:
- Previous versions of TLS and SSL are disabled.
- The device you are installing Service Center on is up to date with all Microsoft Security Updates. Below is a table of the required hotfixes and updates as of Sept 2018.
|Windows 7 SP1 Windows 2008 R2 SP1|
|Windows 8.1 and Windows Server 2012 R2|
|Windows 10 Version 1607 and Windows Server 2016|
- The SQL server for Service Center is hotfixed to the latest updates.