Installation accounts

  1. AppClarity installer account:
    1. Must be a domain account with local admin rights on the AppClarity server
    2. By default, the AppClarity installer chooses the network service account. If you want to use a domain service account instead of the network service account, details of the account must be provided to the AppClarity installer as various permissions will be granted to this account during installation.
    3. Must be run under an account that is a member of the dbcreator server role on that server if it creates the database
    4. Must run under an account that is a member of the db_owner database role on the AppClarity database if it does not create the it
    5. Must have sysadmin privileges on the AppClarity database server.
      • If it has sysadmin privileges on the AppClarity database server, the installer will automatically create an SQL login for the service account and set the necessary database permissions
      • If it does not, you will get a warning that it will not be able to create the login and associated database permissions. Your DBA will need to set these up manually.
    6. Must have sysadmin or serveradmin rights to enable the Common Language Runtime (CLR) integration feature (disabled by default) must be enabled prior to installing the AppClarity database to allow use of objects implemented using CLR integration. To enable CLR integration using Transact-SQL use the CLR-enabled option in the sp_configure stored procedure:

      EXEC sp_configure 'clr enabled', '1'; RECONFIGURE;

      If you want to restrict the use of CLR, we recommend creating a named instance for the AppClarity database and enabling CLR just on that instance and you must refer to that named instance when you install AppClarity.

     
  2. 1E Catalog installer account:
    • Must be a domain account with local admin rights on the Catalog server
    • Must have sysadmin rights to the database instance
    • Must be run under an account that is a member of the  dbcreator  server role on that server if it creates the database
    • Must run under an account that is a member of the  db_owner  database role on the Catalog database if it does not create the database
    • Must have Modify permissions to C:\ProgramData\1E on the Catalog server

Service accounts

  1. AppClarity service account:
    • Must be a domain account with local admin rights on the AppClarity server
    • Must have Logon as service rights on the AppClarity server
    • Must be an account that is a member of the db_owner database role on the AppClarity database
    • Must run under an account that is a member of the  db_owner database role on the AppClarity database if it does not create it
    • Must have Modify permissions to C:\ProgramData\1E on the AppClarity server
    • Configuration Manager security role, as described below in Configuration Manager rights.
     
  2. 1E Catalog service account: 
    • Must be a domain account with local admin rights on the Catalog server
    • Must have Logon as service rights on the Catalog server
    • Must be an account that is a member of the db_owner database role on the 1ECatalog database
    • Must be run under an account that is a member of the dbcreator server role on that server
    • Must have Modify permissions to C:\ProgramData\1E on the Catalog server

Configuration Manager rights

To use the Custom SCCM uninstall feature, the AppClarity service account, or a group it is a member of, must be an Adminsistrative User in Configuration Manager. The permisssions are managed using the Configuration Manager Console, as described below.

Use AppClarity_Reclaim.xml to create a security role and then assign the AppClarity service account.

ClassesPermissions
  • Application
  • Distribution Point
  • Distribution Point Group
  • Package
  • Site
  • Status Messages
  • Task Sequence Package
  • Users
  • Read
  • Collection
  • Configuration Item
  • Global Condition
  • Full

This role and its rights happen to be the same as used by 1E Shopping Receivers. You may combine both into a single role if you wish.

Configuration Manager configuration

AppClarity connects to Configuration Manager and other data sources using ActiveEfficiency 1.9.600 or later. Your Configuration Manager systems must be configured to gather:

  • Software inventory
    • Inventory reporting detail – Full Details
      Setting the inventory reporting detail attribute 
    • Inventory these file types – *.exe on all client hard disks and subfolders
      Include .exe file types in the Inventoried file properties 
  • Software metering (metering rules are not necessary)
  • Hardware inventory
  • Active Directory System Group Discovery agent

Interaction between AppClarity components

Interaction between the different AppClarity components to enable product management and license management is summarized as follows:

  • AppClarity database – holds all the information on products including: application installations, versions and usage, entitlements. It also keeps records of licenses imported and associated with the products. Using this information, it is able to provide comprehensive but focused reports on product distribution, licensing and usage.
  • Catalog database – holds all the information about different vendors, their products, editions and versions, pricing, hardware devices, processors and Server information.
  • CatalogUpdateService – Generates on prem catalog database and sync daily updates from 1ECloud Server.
  • AppClarity service – coordinates the interaction between the database, the connectors, the Console and the Software Reclaimer.
  • ClickOnce Console installer – a web service that enables Microsoft ClickOnce installation for the AppClarity Console. This enables the AppClarity Console to be easily distributed with minimal management overhead.
  • Software Reclaimer – a small executable that is designed to not require installation and is intended for use in conjunction with a Configuration Manager task sequence or advert\program. Once the Software Reclaimer is running on the target computer, it enables the AppClarity service to control the removal of local applications.
  • ActiveEfficiency – provides server, workstation software installation and software usage information to AppClarity.

Using Custom SCCM uninstall

This feature is an alternative to using the Reclaimer and it enables you to re-use your existing Package/Program and Applications to reclaim un-used software – it is enabled from on Automation screen. You must already have a Deployments and Collections created in Configuration Manager for this to work and each application, there must be a separate install collection (mandatory) and an uninstall collection (optional – if the uninstall collection does not exist, the application will create one).

Before you can use this feature for legacy programs and packages, you must update the uss_RemoteClientFlag column for the SiteSettings table in the AppClarity database with this script.

UPDATE SiteSettings 
SET uss_RemoteClientFlags = 2096

We recommend updating uss_RemoteClientFlags=2096 (decimal value) as it is used to set the following client properties in Configuration Manager deployments:

  • (bit 4) DOWNLOAD_FROM_LOCAL_DISPPOINT –download the program from the local distribution point
  • (bit 5) DONT_RUN_NO_LOCAL_DISPPOINT – do not run the program if there is no local distribution point
  • (bit 11) RERUN_ALWAYS – always rerun the program. This is required for the reshopping feature

Further information on the RemoteClientFlag can be found in Microsoft's Developer network under SMS_Advertisement Server WMI Class.



Note: If any customer has created a separate Security Role and Security Scope for AppClarity, then these shall be suitably assigned to AppClarity Service User in SCCM Console under Administration tab.

Also, these Security Scope shall be suitably assigned to all the applications which has Install Collections in SCCM. Failing to do so, these applications will not be available in AppClarity for mapping.

Networking

The ports used for communications between the different AppClarity components are illustrated below. By default, Windows firewall on Windows Server 2008 will block ports. You need to ensure that these ports are open on the servers where each component resides. The IPv4 protocol must be enabled on your network for ClickOnce installation to work.
Ports used by AppClarity 

PortsPurposeConfigurable

TCP 1433 (ADO.NET)

1E AppClarity service to its SQL Server database.Yes
TCP 1433 (ADO.NET)1E Catalog Update Service to its SQL Server database.Yes
TCP 1433 (ADO.NET)ActiveEfficiency Server service (1E ActiveEfficiency) to its SQL Server database.Yes
TCP 1433 (ADO.NET)ActiveEfficiency Scout (Scout.exe) to the Configuration Manager SQL Server database.Yes
TCP 25 (SMTP)1E AppClarity service sending emails via the SMTP relay/gateway.Yes

WMI (DCOM)

TCP 135 and 445 (initially)

1E AppClarity service (Custom SCCM Uninstall feature) communicating with the SMS Provider on the Configuration Manager Site.  

TCP 135 and 445 are used to initiate communications and negotiate dynamic RPC and MSDTC ports. The dynamic ranges depend on the Windows OS version.

No
TCP 8334

AppClarity Console(s) to the 1E AppClarity service.

ActiveEfficiency Scout (AppClarity.Coordinator.Synchroniser.exe) to the 1E AppClarity service (to trigger a synchronization).

No

TCP 8335 (HTTP) or 8336 (HTTPS)

Software Reclaimer to the 1E AppClarity service .

Yes
TCP 80 (HTTP)AppClarity Connector to the ActiveEfficiency website ( ActiveEfficiency) .Yes
TCP 80 (HTTP)

Browsers to the ClickOnce Console Installer website (1EAppClarity).

The IPv4 protocol must be enabled on your network for the ClickOnce installation.

Yes
TCP 80 (HTTP)Browsers to the ActiveEfficiency website ( ActiveEfficiency) .Yes
TCP 80 (HTTP)Browsers to the Catalog website (CatalogWeb).Yes
TCP 80 (HTTP) or TCP 443 (HTTPS)1E Catalog Update Service to the 1E Cloud Catalog for catalog updates.No

Since the introduction of the 1E Catalog, AppClarity no longer requires MSMQ to communicate with ActiveEfficiency, however MSMQ is still a prerequisite for installation of AppClarity.

Sizing and deployment considerations

Single-server deploymentDistributed deployment


Number of machines5,00025,00050,000100,000200,000500,000
Benchmark configuration
Number of machines5,33717,72647,57485,417172,412427,263
Number of applications19,30026,00031,70022,50049,00077,000
Number of installations395,0001.1M3.2M5.2M9.1M31.4M
Combined Application server (AppClarity, ActiveEfficiency)
CPU cores4




RAM4 GB




ActiveEfficiency server (total)
CPU cores344668
RAM3 GB8 GB8 GB12 GB20 GB40 GB
ActiveEfficiency Scout application
CPU cores 1 2 2 2 2 4
RAM 1 GB 4 GB 4 GB 8 GB 16 GB 32 GB
ActiveEfficiency Server service
CPU cores 1 2 2 4 4 4
RAM 1 GB 4 GB 4 GB 4 GB 4 GB 8 GB
AppClarity server (including Catalog)
CPU cores122244
RAM1 GB4 GB4 GB8 GB16 GB32 GB
Database server (total)
CPU cores2446610
RAM12 GB12 GB20 GB36 GB60 GB96 GB
SQL Server instance maximum memory8 GB8 GB16 GB32 GB56 GB88 GB
Disk space for database12.5 GB18 GB32 GB55 GB105 GB267 GB
SQL Server HDD requirements
ActiveEfficiency database MDF4 GB4 GB8 GB16 GB32 GB72 GB
ActiveEfficiency database LDF50 MB50 MB50 MB50 MB100 MB200 MB
AppClarity database MDF2 GB6 GB14 GB24 GB48 GB128 GB
AppClarity database LDF1 GB2 GB4 GB8 GB16 GB48 GB
1E Catalog database MDF2 GB2 GB2 GB2 GB2 GB2 GB
1E Catalog database LDF2 GB2 GB2 GB2 GB2 GB2 GB
TempDB MDF1 GB1 GB1 GB2 GB3 GB12 GB
TempDB LDF64 MB100 MB200 MB400 MB1 GB2 GB
Expected Configuration Manager TempDB growth1 GB1 GB2 GB2 GB4 GB28 GB
End-to-end synchronization time (approximate)15 mins1 hr2 hrs3 hrs6 hrs23.5 hrs

Benchmarking criteria

  • Benchmarked against Windows Server 2012 R2 Hyper-V infrastructure, with database and application server components on separate virtual machines
  • CPU – Hyper-V host CPU configuration: 2x Intel Xeon CPU E5-2407 v2 @ 2.40GHz, 10M Cache, 4C, Max Mem 1333MHz
  • Networking – virtual machines connected over a 1Gbps link through a 1Gbps physical switch
  • Database storage – Samsung 850 EVO solid state drives (SSDs) attached locally to the Hyper-V host with up to 98k/90k IOPS (4K random read/write QD32), and MDF, LDF and TempDB on separate SSDs 

Recommendations

  • Servers can be deployed either on physical or virtual machines. For deployment on a virtual machine, assign the CPU cores at 100% virtual machine reserve
  • For environments with 25,000 or more computers, if the network usage between ActiveEfficiency, AppClarity and Database servers is a concern during the synchronization process, have a dedicated 1Gbps connection between these servers for the synchronization traffic
  • Database Server:
    • deploy data, logs and TempDB on separate physical disks
    • configure SQL Server with maximum server memory limit and not at the defaults to consume unlimited memory
    • for sizing the Database server in the recommendations above, up to 4GB RAM has been added for the operating system on top of SQL Server instance RAM requirements
  • AppClarity Server:
    • For environments with 200,000 or more computers, update the following entry for AppClarity in the  AMP.Coordinator.ServiceHost.config  xml file:
        <add key="ActiveEfficiencyWebServiceTimeOutSecs" value="600"/>
      This setting increases the web service response timeout duration to accommodate the long response time for a particularly large web service request during the AppClarity sync.