Summary

A list of all the platforms supported by Nomad, and the software required to allow Nomad to be installed or to work.
On this page:

Tachyon Platform

Although not a requirement for generally using Nomad, Tachyon Platform 5.2 must be installed and available before you can use certain Nomad features.

The following Nomad features use Content Distribution and require Tachyon Platform and Tachyon features of 1E Client to be enabled:

Nomad 7.1 is the first version of Nomad to require Tachyon Platform. Earlier versions of Nomad used ActiveEfficiency to support similar features. Tachyon Platform previously included ActiveEfficiency.

The following features were provided in previous versions of Nomad:

  • 1E Client Health - now provided by the Guaranteed State feature of the Tachyon Platform
  • Nomad Dashboard - now provided by Nomad app feature of the Tachyon Platform.

The following is an extract from Tachyon Platform 5.2 - Requirements: Server software.

CategoryProductNotes

Server OS

  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016

For more detail, please refer to Requirements: Server requirements.

Only 64-bit server OS are supported. The server must be domain-joined.

This version of Tachyon requires the server OS to be English because of a known issue with certain regional settings.

If TLS 1.0 is disabled, then please ensure you follow the steps in Preparation: If TLS 1.0 is disabled to add registry entries, for the 1E Catalog Update Service to successfully connect to the 1E Cloud Catalog.

This list is automatically updated to show only those OS versions in mainstream support by Microsoft, and therefore supported by 1E.

Please refer to Constraints of Legacy OS regarding end of mainstream support.

For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.

Please refer to https://1eportal.force.com/s/support-for-msft-rapid-release-cycle for details of which Current Branch versions are supported by 1E products, and known issues regarding specific versions.

SQL Server and SQL Server Analysis Services (SSAS)

  • SQL Server 2019
  • SQL Server 2017
  • SQL Server 2016 SP2

For more detail, please refer to Requirements: SQL Server requirements.

Standard and Enterprise editions of these versions of SQL Server and SQL Server Analysis Services (SSAS) are supported.

SQL Server 2016 RTM is not supported due to some issues, which are resolved by SP1.

If you intend to integrate with third-party business intelligence products such as Power BI, you must install the Enterprise edition of SSAS as per their requirements.

A SQL Server database instance is required for the following databases:

  • 1ECatalog
  • ContentDistribution (optional - required for Nomad)
  • SLA-BI (optional - required for Patch Success)
  • SLA-Data
  • SLA-Integrate
  • SLA-Shared
  • TachyonExperience (optional - required for Tachyon Experience)
  • TachyonMaster
  • TachyonResponses

SLA databases

Tachyon Setup can install the above databases on separate SQL Server instances, however SLA-Data, SLA-Integrate, and SLA-Shared must exist on the same instance.

A SQL Server Analysis Services (SSAS) instance installed in Multidimensional mode is required for SLA Business Intelligence and Tachyon Experience.

SLA Business Intelligence

SLA Business Intelligence (BI) is required for the Patch Success application.

The BI installer creates the following:

  • A database called SLA-BI on the SQL Server database instance.
  • A MOLAP cube called SLA-BI on the SSAS instance.
  • A linked server for the SLA databases to get data from the SLA-BI database and then from the SLA-BI cube.
  • A linked server for the SLA-BI database to get data from the SLA databases.
  • A datasource definition used by the SLA-BI cube to connect to the BI database.

If the SLA databases, BI database, or SSAS instance for BI, are on different SQL Servers then the BI installer enforces the use of a SQL login on each instance. If they are on the same SQL Server then the installer gives you a choice of using integrated security (domain user account) or a SQL login.

However, if you are installing all the components from Tachyon Setup instead of their individual installers, then you are not given the choice. Tachyon Setup always uses integrated security. Contact 1E for support if your scenario requires the above mentioned databases to be on different SQL Servers. This affect different servers, not different instances.

Tachyon Experience

Tachyon Experience creates the following:

  • A database called TachyonExperience on the SQL Server database instance.
  • A MOLAP cube called TachyonExperience on the SSAS instance.

All SQL Server instances must be configured with the following:

  • A case-insensitive, accent-sensitive collation which is SQL_Latin1_General_CP1_CI_AS by default,
  • Allow remote connections to this server enabled.

All SQL Servers should be configured with the SQL Server Browser service running in order for the BI installer to select from a list of instances.

SQL Server Management Studio is required to review the configuration and edit settings in 1E database tables.

If installing SQL Server locally, note:

  • SQL Server 2016 and 2017 require .NET Framework 4.6 or later
  • SQL Server setup requires PowerShell 2.0.

For latest information about SQL Server prerequisites, please refer to MSDN: Hardware and Software Requirements for Installing SQL Server.

Distributed Transaction Coordinator (MSDTC) is not required. Prior to Tachyon Platform 5.2, MSDTC was required by the Nomad Dashboard feature of ActiveEfficiency, and had to be installed on SQL Servers hosting databases for ActiveEfficiency and Configuration Manager. This is not required by the Nomad app and Content Distribution, which has replaced ActiveEfficiency in Tachyon Platform 5.2 onwards.

Microsoft Endpoint Configuration Manager

  • SCCM CB 2111
  • SCCM CB 2107
  • SCCM CB 2103
  • SCCM CB 2010
  • SCCM CB 2006
  • SCCM CB 2002
  • SCCM CB 1910

Tachyon Platform uses Configuration Manager for the following optional apps and features:

Nomad provides the following Content Distrubution features for Configuration Manager:

The Nomad app requires the Content Distribution web service to synchronize with the Configuration Manager database. For standalone primary site environments, permissions are automatically assigned to the service account of Content Distribution's web application pool service (by default Network Service) using the ConfigMgr_DViewAccess localgroup native to Configuration Manager. For a CAS, this group is not created natively therefore additional steps are required to allow access. Please refer to Preparation: Microsoft Endpoint Configuration Manager preparation.

Web Server
  • IIS 10

See Preparation: Windows Server roles and features for details about required Web Server roles and features.

Other Software

  • Visual C++ 2013 Redistributable
  • ASP.NET Core Framework 3.1
  • .NET Framework 4.8
  • .NET Framework 4.7.2

See Preparation: Windows Server roles and features for details about required .NET Framework roles and features. To know supported combinations of OS and .NET Framework, please refer to: https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/versions-and-dependencies.

  • Windows Server 2016 has .NET Framework 4.6.2 installed by default.
  • Windows Server 2019 has .NET Framework 4.7.2 installed by default.

ASP.NET Core Hosting Bundle is required only for Nomad's Content Distribution component. It is not included with the Operating System, and must be downloaded and installed separately. If it not already installed, Tachyon Setup will attempt to automatically download version 3.1.11 and install it. Alternatively you can download it, or a later version, and install it yourself. For more detail please refer to Preparation: ASP.NET Core Hosting Bundle.

Tachyon Server installer includes and automatically installs the redistributable package for Visual C++ 2013. The Tachyon Coordinator (licensing module on the Master Stack), and Tachyon Switch (on Response Stack) are written in C++ using Visual Studio 2013 and therefore require Visual C++ 2013 runtime (x64); other server components use .NET Framework.

SQL BCP is required by the Export All feature described in Exporting data from Tachyon Explorer, and must be installed on each Tachyon Response Stack server (specifically the servers which have the Tachyon Core installed). BCP uses ODBC, which requires Microsoft ODBC Driver versions 13.1 and 17 and Visual C++ 2017 Redistributable to be installed first. Please refer to Preparation: SQL BCP for more detail.

PowerShell is required by Tachyon installer during installation.

Browsers

Latest version of:

  • Google Chrome
  • Microsoft Edge (Chromium)
  • Mozilla Firefox

A browser is not a prerequisite for installation of Tachyon Platform servers, but is required to use and administer Tachyon Platform. Administration is performed via the Tachyon Portal and can be on a remote computer.

The Portal and any API should be added as a trusted site. This is especially important when running scripts which may produce unexpected errors.

These browsers are supported on all OS platforms which the browser vendor supports.

Please review Known issues: Using Tachyon.

Microsoft legacy browsers

Support has been withdrawn for Internet Explorer 11 and legacy Microsoft Edge (non-Chromium version). 1E has taken this decision for new releases that are expected to remain in support by 1E beyond March 2021 when Microsoft Edge goes end of life and August 2021 when Internet Explorer 11 goes end of life. We recommend you use Google Chrome, Firefox or Microsoft Edge Chromium browser.

Nomad Administration Tools

CategoryProductNotes

Windows OS

OS versions supported by Configuration Manager versions listed below.


Microsoft Endpoint Manager Configuration Manager

  • SCCM CB 2111
  • SCCM CB 2107
  • SCCM CB 2103
  • SCCM CB 2010
  • SCCM CB 2006
  • SCCM CB 2002
  • SCCM CB 1910
  • SCCM CB 1906

1E maintains a testing cycle for our products relative to the Current Branch release cycle.  Please refer to https://1eportal.force.com/s/support-for-msft-rapid-release-cycle for latest information on future releases of CM Current Branch, and any advisories related to these releases.

When using CB 1910, be sure to apply Hotfix rollup KB4537079 or later to sites. Prior to this update there is an issue that prevents Alternate Content Providers downloading certain types of content referenced in Task Sequences.

Microsoft, and therefore 1E, no longer support CB1706. If you are running CB1706 and find that NomadAdminUI is not working as expected, we recommend you apply KB4036267 to address the issue.

For each Configuration Manager site server where you intend to administer task sequence packages to use Nomad as the alternate download provider, you need to ensure that:

  • The Configuration Manager Admin Console must be installed on the site server – as is the case in a default Configuration Manager installation. This is a prerequisite for the installing the Nomad Admin Console GUI extensions, which must be installed on the site server before installing on any remote Configuration Manager console
  • Ensure you meet the prerequisites for Configuration Manager if you are using the BIOS to UEFI feature:  BIOS TO UEFI 1.4 - Requirements

If these conditions are not met, the Nomad settings for task sequences will not be created correctly.

This is the case even if you install a remote Configuration Manager Admin Console with the Nomad Admin Console GUI extension, except for Nomad Branch Tools which are required to be installed on Configuration Manager Site Server only.


Runtime libraries

  • .NET Framework 4.8
  • .NET Framework 4.7.2
.NET Framework is required for the Admin Console GUI extensions, the Download Monitor, and NomadBranch GUI. It is not a requirement for other features of Nomad.
.NET Framework 4.6 and 4.6.1 have associated Microsoft hotfixes. We recommend you ensure the following are applied before installing or using Admin Console GUI extensions, the Download Monitor, or NomadBranch GUI.
  • KB3139551 Hotfix rollup HR-1602 - NPD 4.6/4.6.1 RTM – Win7SP1/Win2K8R2RTM/Win2K8R2SP1/VistaSP2
  • KB3139550 Hotfix rollup HR-1602 - NPD 4.6/4.6.1 RTM - Win8.1RTM/Win2K12R2RTM
  • KB3139549 Hotfix rollup HR-1602 - NPD 4.6/4.6.1 RTM - Win2K12RTM

Antivirus

Nomad is able to work with Antivirus systems provided they have certain exclusions configured.

It is likely that Nomad performance will be impaired by antivirus programs. To mitigate this, we have detailed suggested antivirus exclusions you can implement. Please refer to Nomad Post-installation tasks: Anti-virus exceptions.

Nomad client

The 1E Client (with Nomad client enabled) must be installed on client devices and Configuration Manager Distribution Points. 

CategoryProductNotes

Windows OS

  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • Windows 10 CB 21H2
  • Windows 11 CB 21H2
  • Windows 10 CB 21H1
  • Windows 10 CB 20H2
  • Windows 10 CB 2004
  • Windows 10 CB 1909
  • Windows 10 CB 1809

The zip for 1E Client for Windows is available for download from the 1E Support Portal.

Professional and Enterprise editions of Windows 10 are supported.

All versions are provided with 32-bit & 64-installers, and can be installed on physical and virtual computers.

This list is automatically updated to show only those OS versions in mainstream support by Microsoft, and therefore supported by 1E, and by 1E Client 5.2.

Please refer to Constraints of Legacy OS regarding end of mainstream support.

For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.

Please refer to https://1eportal.force.com/s/support-for-msft-rapid-release-cycle for details of which Current Branch versions are supported by 1E products, and known issues regarding specific versions.

For Windows Server 2016 Core Server installations:

  • Only 64-bit versions are supported
  • Distribution Points on this OS do not support PXE or Multicast.

For installation guidance on Windows, please refer to 1E Client 5.2 - Deploying 1E Client on Windows.

Nomad and Nomad Multicast require MSXML6 to communicate with the Configuration Manager client. This is present in all the supported versions of Windows (with the required service packs).

Peer copy over HTTP or HTTPS is the recommended method of peer sharing content.

Runtime libraries

  • .NET Framework 4.8
  • .NET Framework 4.7.2
  • .NET Framework 4.7.1
  • .NET Framework 4.7
  • .NET Framework 4.6.2
  • .NET Framework 4.6.1
  • .NET Framework 4.6

.NET Framework is required only for the following features of 1E Client:

  • The 1E Client UI (User Interaction) component of the Interaction module, which supports the notification and survey features
  • Windows Servicing Assistant (WSA) feature of the Shopping client module, which supports OS deployment, upgrades and migrations

This list is automatically updated to show only those .NET Framework versions in mainstream support by Microsoft, and therefore supported by 1E, and by Nomad 7.1.

For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.

Other Windows Software

  • Visual C++ 2013 Redistributable
  • Nomad 7.0 (or later)
  • PowerShell 3.0 (or later)

1E Client installer includes the redistributable package for Visual C++ 2013.

1E Client provides Tachyon client features. It also includes the Nomad client module which replaces the legacy Nomad Branch client. Tachyon client features can optionally use Nomad to download content (feature enabled by default) if the Nomad client module in 1E Client is enabled (module disabled by default) or Nomad Branch 7.0 or later is running.

PowerShell is not a prerequisite for installation of the 1E Client. PowerShell is used by some Tachyon instructions (that have PowerShell commands embedded or scripts that are downloaded) and some of these require PowerShell 3.0 or later. 

For more details, please refer to 1E Client 5.2 - Design Considerations: Downloading Tachyon client content and Nomad integration .

Microsoft Endpoint Manager Configuration Manager Client

  • SCCM CB 2111
  • SCCM CB 2107
  • SCCM CB 2103
  • SCCM CB 2010
  • SCCM CB 2006
  • SCCM CB 2002
  • SCCM CB 1910

This list is automatically updated to show only those Configuration Manager versions in mainstream support by Microsoft, and therefore supported by 1E, and by Nomad 7.1.

For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.

Please refer to https://1eportal.force.com/s/support-for-msft-rapid-release-cycle for details of which Current Branch versions are supported by 1E products, and known issues regarding specific versions.

1E maintains a testing cycle for our products relative to the Current Branch release cycle.  Please refer to https://1eportal.force.com/s/support-for-msft-rapid-release-cycle for latest information on future releases of CM Current Branch, and any advisories related to these releases.

When using CB 1910, be sure to apply Hotfix rollup KB4537079 or later to sites. Prior to this update there is an issue that prevents Alternate Content Providers downloading certain types of content referenced in Task Sequences.

If IIS filtering is enabled on Distribution Points, you may encounter problems during downloads if certain types of content are present in the download. Please refer to Nomad Post-installation tasks: IIS request filtering.

(Microsoft Endpoint Configuration Manager is also known as Configuration Manager, ConfigMgr, Config Man, CM and SCCM among other names. Version names include 2012 and Current Branch or CB.)

Antivirus

Nomad is able to work with Antivirus systems provided they have certain exclusions configured.

It is likely that Nomad performance will be impaired by antivirus programs. To mitigate this, we have detailed suggested antivirus exclusions you can implement. Please refer to Nomad Post-installation tasks: Anti-virus exceptions.

Legacy OS constraints

In this documentation, the following are referred to as legacy OS. Below are described some known issues for these OS.

1E does not provide support for 1E products on the following OS unless the OS is explicitly listed as being supported for a specific 1E product or product feature. This is because Microsoft has ended mainstream support for these OS or they are not significantly used by business organizations.

  • Windows XP *
  • Windows Vista
  • Windows 7
  • Windows 8.0
  • Windows 8.1
  • Windows Server 2003 *
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
1E Client 8.1 and later will not install on Windows XP and Windows Server 2003. Please contact 1E if you intend to continue using any of the other legacy OS. If you experience an issue, then please try replicating the issue on a supported OS.

For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.

PowerShell limitations

PowerShell version 3.0 (required by some Tachyon instructions) is not supported on Windows XP, Vista and Server 2003. However, PowerShell 2.0 is supported on the following OS versions:

  • Windows XP SP3
  • Vista SP1 & SP2
  • Windows Server 2003 R2 & SP2

Certificate limitations - SHA2

Like most software vendors, 1E software requires the OS to support SHA2. If your organization has a PKI configured to use SHA2 256 or higher encryption, then your legacy OS may have already been updated to support it.

Windows XP and Server 2003 require an update as described in KB968730.  Microsoft no longer provides this hotfix as a download. You must contact Microsoft Support if you need it.

Windows 7 and Server 2008 R2 require an update as described in KB3033929. This update is not available for Vista and Server 2008.

Windows 8, 8.1, Server 2012, Server 2012 R2 and later OS already support SHA2.

Certificate limitations - encrypted certificate requests

Windows XP and Server 2003 are unable to encrypt certificate requests, whereas later OS are able to support higher more secure RPC authentication levels. If you are using a Microsoft CA and expect these clients to request (enrol) certificates then the CA must have its IF_ENFORCEENCRYPTICERTREQUEST flag disabled. It is disabled by default on Windows 2003 and 2008 CA, but is enabled by default on Windows 2012 CA.

To determine which InterfaceFlags are set, execute the following command on the CA server:

	certutil -getreg CA\InterfaceFlags

If the following is specified then it means the flag is enabled.

	IF_ENFORCEENCRYPTICERTREQUEST -- 200 (512)

To disable the encrypt certificate requests flag, execute the following commands on the CA server:

	certutil -setreg CA\InterfaceFlags -IF_ENFORCEENCRYPTICERTREQUEST
sc stop certsvc
sc start certsvc

Certificate limitations - signing certificates missing

On Windows computers, the installation MSI files, and binary executable and DLL files of 1E software are digitally signed. The 1E code signing certificate uses a timestamping certificate as its countersignature. 1E occasionally changes its code signing certificate, and uses it for new releases and patches for older versions, as shown in the table(s) below. 

Root Certificate Authorities are implicitly trusted to validate certificates, and their certificates must be correctly installed to do this. Your computers should already have the necessary root CA certificates installed, however this may have been prevented by your organization's security policies, or inability to connect to the Internet, or they are legacy OS. In general this is not an issue because by default Windows allows software to be installed and run without validation, although you may see a warning or experience a delay. However, you must have relevant CA certificates installed if you are using 1E Client (which self-validates its own files), or your organization has applied more secure polices (for example UAC, AppLocker or SmartScreen).

Typical reasons for issues with signing certificate are:

  • If your organization has disabled Automatic Root Certificates Update then you must ensure the relevant root CA certificates are correctly installed on each computer
  • If computers do not have access to the Internet then you must ensure the relevant root and issuing CA certificates are correctly installed on each computer, numbered in the table(s) below. 

The signature algorithm of the 1E code signing certificate is SHA256RSA. In most cases, the file digest algorithm of an authenticode signature is SHA256, and the countersignature is a RFC3161 compliant timestamp. The exception is on legacy OS (Windows XP, Vista, Server 2003 and Server 2008) which require the file digest algorithm of an authenticode signature to be SHA1, and a legacy countersignature. 

The table below applies to software and hotfixes released in 2020.

2020

Signing certificate

Timestamping certificates

Certificate

1E Limited

TIMESTAMP-SHA256-2019-10-15 and DigiCert Timestamp Responder

Issuing CA

DigiCert EV Code Signing CA (SHA2)

Thumbprint: 60ee3fc53d4bdfd1697ae5beae1cab1c0f3ad4e3

DigiCert SHA2 Assured ID Timestamping CA

Thumbprint: 3ba63a6e4841355772debef9cdcf4d5af353a297

and  DigiCert Assured ID CA-1

Thumbprint: 19a09b5a36f4dd99727df783c17a51231a56c117

Root CA

DigiCert High Assurance EV Root CA

Thumbprint: 5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25

DigiCert Assured ID Root CA

Thumbprint: 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43

This is described in Common client requirements: Digital signing certificates. To verify if you affected by this issue see Client issues: 1E Digital Signing Certificates.

Certificate limitations - expired root certificates

Ensure that your Root CA Certificates are up-to-date on clients and servers. The Automatic Root Certificates Update feature is enabled by default, but its configuration may have been changed or restricted by Group Policy Turn off Automatic Root Certificates Update.

If this GPO is enabled, then you will see DisableRootAutoUpdate = 1 (dword) in HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot.