Summary

Information that will help you design and plan the implementation of Shopping in your organization.


Infrastructure dependencies

Category | Product | Notes

Server OS

  • Windows Server 2019
  • Windows Server 2016

Systems running these server OS will support:

  • The Shopping services
  • Shopping Central Server and website
  • Shopping Admin console
  • Shopping Receiver
  • Shopping client module in 1E Client 4.1 or later

The list in the Product column is automatically updated to show only those OS versions in mainstream support by Microsoft, and therefore supported by 1E, and by Shopping 6.0. However, the following OS continue to be supported as exceptions to help customers during their migration to the latest OS:

  • Windows Server 2012 R2

Shopping's Intune integration feature is not supported on legacy OS. 

Please refer to Constraints of Legacy OS regarding end of mainstream support.

For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.

Please refer to https://1eportal.force.com/s/support-for-msft-rapid-release-cycle for details of which Current Branch versions are supported by 1E products, and known issues regarding specific versions.

Client OS

  • Windows 10 CB 21H1
  • Windows 10 CB 20H2
  • Windows 10 CB 2004
  • Windows 10 CB 1909
  • Windows 10 CB 1903
  • Windows 10 CB 1809

Systems running these client OS will support:

  • The Shopping Admin console
  • Shopping client module in 1E Client 4.1 or later

The list in the Product column is automatically updated to show only those OS versions in mainstream support by Microsoft, and therefore supported by 1E, and by Shopping 6.0. However, the following legacy OS continue to be supported as exceptions to help customers during their migration to the latest OS:

  • Windows 7 SP1

Shopping's Intune integration feature is not supported on any legacy OS. Please be aware that Microsoft Intune has very limited support for application deployment on Windows 8.1, especially for enterprise application types.

Please refer to Constraints of Legacy OS regarding end of mainstream support.

For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.

Please refer to https://1eportal.force.com/s/support-for-msft-rapid-release-cycle for details of which Current Branch versions are supported by 1E products, and known issues regarding specific versions.

SQL Server

  • SQL Server 2019
  • SQL Server 2017
  • SQL Server 2016 SP2

  • You must have one of these SQL Server versions installed.
  • SQL Server must be configured to use a case-insensitive, accent-sensitive collation as the server default (the preferred collation is SQL_Latin1_General_CP1_CI_AS).
  • If TLS 1.0 is disabled on either the Web server or the SQL Server you will need to install the SQL Server Native Client on the Web server before installing Shopping. Please refer to Preparation: Installing when TLS 1.0 is disabled for more details.

Microsoft System Center Configuration Manager

  • SCCM CB 2107
  • SCCM CB 2103
  • SCCM CB 2010
  • SCCM CB 2006
  • SCCM CB 2002
  • SCCM CB 1910
  • SCCM CB 1906
  • SCCM CB 1902

  • See Preparation: Configuration Manager rights for details.
  • If you are using the OS deployment feature, you must install a Shopping receiver on the Configuration Manager central site or CAS that Shopping points to.

Microsoft Intune

  • Intune Service Release 2006

  • Integration with Intune is an optional feature of Shopping. See Enabling Intune integration: Requirements.
  • Shopping has been tested with this release of Intune; there are no known issues with previous or newer Intune releases.
  • Azure Active Directory (AAD) is required, and must be in hybrid mode with seamless single sign-on (SSO) enabled, and either pass-through authentication or federation enabled.
  • See Preparation: Configuration Manager rights for details.

Web Server

  • IIS 10

Runtime libraries

  • .NET Framework 4.8
  • .NET Framework 4.7.2

  • Shopping server components require one of these versions of .NET Framework
  • The legacy Shopping Agent requires one of these versions of .NET Framework
  • The Shopping module in Tachyon Agent 3.2 and later, and 1E Client 4.1 and later, contains the following:
    • A replacement for the legacy Shopping Agent (which provides the loopback feature), re-written so that it does not require .NET Framework
    • WSA - the WSA executable requires one of these versions of .NET Framework

Browsers

  • Google Chrome
  • Internet Explorer 11
  • Microsoft Edge
  • Microsoft Edge (Chromium)

  • Computers running these browsers support access to the Shopping self-service portal
  • Where localization for Portuguese is enabled, the language-code is pt-BR (Portuguese-Brazil)
  • Firefox is not supported when the Shopping self-service portal is accessed via HTTPS

Companion products

  1. ActiveEfficiency
  2. Tachyon Agent or 1E Client
  3. Application Migration (optional)
  4. Nomad (optional)
  5. WakeUp (optional)

  1. You must have ActiveEfficiency 1.10 or later. The Shopping Central service account relies on ActiveEfficiency Scout to retrieve user and machine information from the Configuration Manager site server database. See ActiveEfficiency Server 1.10 - Data capture accounts and the ActiveEfficiency Server 1.10 - ActiveEfficiency Synchronization Manager for details on how to install and configure the Scout component.
  2. Shopping client is available in 1E Client 4.1 or 5.0 as described in Preparation: 1E Client. 1E Client 4.1 or later must be used if TLS 1.0 is disabled in your environment, or if you wish to use the WSA enhancements introduced in Shopping 5.5.200. 1E Client 5.0 with the latest hotfix applied must be used if you are using the Microsoft Intune integration.
  3. If Shopping uses Application Migration then you will require one of the following:
  4. Nomad 6.3.201 or later is required by WSA to manage content and storage of user state using custom task sequence steps that are implemented with it
  5. You must have WakeUp Server 7.2 or later installed if you want the Shopping Receivers policy refresh feature to use 1E WakeUp.

If you are implementing self-service OS deployment through Shopping using either the Windows Servicing Assistant or the OS Deployment Wizard, you will need to install Tachyon and Application Migration to support migration of applications during the OS deployment.

Application Migration supersedes the App Mapping feature in earlier versions of Shopping that required AppClarity 5.2 to provide application usage information to Shopping. Shopping integration with AppClarity 5.2 is no longer available or supported, so you will need to move to Application Migration.

Others

  1. SMTP/Exchange server
  2. Active Directory

  1. Access to an SMTP or Exchange server.
  2. Access to Active Directory. Where AD groups are specified for accounts with an associated group email address, you must have Exchange server for email notifications to be sent to all members of the group.

Constraints of Legacy OS

1E does not provide support for 1E products on the following OS unless the OS is explicitly listed as being supported for a specific 1E product or product feature. This is because Microsoft has ended mainstream support for these OS or they are not significantly used by business organizations.

  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows 8.0
  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2

Please contact 1E if you require support for these legacy OS. If you experience an issue on these OS, then please try replicating the issue on a supported OS.

For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.

Digital Signing Certificates

Certificate limitations - expired root certificates

Ensure that your Root CA Certificates are up-to-date on clients and servers. The Automatic Root Certificates Update feature is enabled by default on these legacy OS, but its configuration may have been changed or restricted by the Group Policy setting Turn off Automatic Root Certificates Update.

If this GPO is enabled then you will see DisableRootAutoUpdate = 1 (dword) in HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot.

Certificate limitations - signing certificates missing

On Windows computers, the installation MSI files, and binary executable and DLL files of 1E software are digitally signed. The 1E code signing certificate uses a timestamping certificate as its countersignature. 1E occasionally changes its code signing certificate, and uses it for new releases and patches for older versions, as shown in the table(s) below. 

Root Certificate Authorities are implicitly trusted to validate certificates, and their certificates must be correctly installed to do this. Your computers should already have the necessary root CA certificates installed; however, this may have been prevented by your organization's security policies, by an inability to connect to the Internet, or because the computers run a legacy OS. In general this is not an issue because by default Windows allows software to be installed and run without validation, although you may see a warning or experience a delay. However, you must have the relevant CA certificates installed if you are using 1E Client (which self-validates its own files), or if your organization has applied more secure policies (for example UAC, AppLocker or SmartScreen).

Typical reasons for issues with signing certificates are:

  • If your organization has disabled Automatic Root Certificates Update then you must ensure the relevant root CA certificates are correctly installed on each computer
  • If computers do not have access to the Internet then you must ensure the relevant root and issuing CA certificates, listed in the table(s) below, are correctly installed on each computer.

The signature algorithm of the 1E code signing certificate is SHA256RSA. In most cases the file digest algorithm of an Authenticode signature is SHA256, and the countersignature is an RFC 3161 compliant timestamp. The exception is legacy OS (Windows XP, Vista, Server 2003 and Server 2008), which require the file digest algorithm of an Authenticode signature to be SHA1, and a legacy countersignature.

The table below applies to software and hotfixes released in 2020.

2020

Signing certificate

  • Certificate: 1E Limited
  • Issuing CA: DigiCert EV Code Signing CA (SHA2)
    Thumbprint: 60ee3fc53d4bdfd1697ae5beae1cab1c0f3ad4e3
  • Root CA: DigiCert High Assurance EV Root CA
    Thumbprint: 5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25

Timestamping certificates

  • Certificate: TIMESTAMP-SHA256-2019-10-15 and DigiCert Timestamp Responder
  • Issuing CA: DigiCert SHA2 Assured ID Timestamping CA
    Thumbprint: 3ba63a6e4841355772debef9cdcf4d5af353a297
    and DigiCert Assured ID CA-1
    Thumbprint: 19a09b5a36f4dd99727df783c17a51231a56c117
  • Root CA: DigiCert Assured ID Root CA
    Thumbprint: 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
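
The two checks described in this section, as an added PowerShell example that is not 1E's own code: it reads the DisableRootAutoUpdate policy value and reports whether the issuing and root CA certificates listed above for 2020 are present in the local machine certificate stores. The function names, and the mapping of root CAs to the Root/AuthRoot stores and issuing CAs to the CA store, are assumptions of this example.

```powershell
# Added example. The registry path and thumbprints are copied from this page;
# function names and the store mapping below are assumptions of this example.
$PolicyKey = 'HKLM:\Software\Policies\Microsoft\SystemCertificates\AuthRoot'

# Root CAs are looked up in Root and AuthRoot, issuing CAs in CA
# (Intermediate Certification Authorities).
$StoresByRole = @{ Root = 'Root', 'AuthRoot'; Issuing = 'CA' }
$Expected = @(
    @{ Role = 'Issuing'; Name = 'DigiCert EV Code Signing CA (SHA2)'
       Thumbprint = '60ee3fc53d4bdfd1697ae5beae1cab1c0f3ad4e3' }
    @{ Role = 'Issuing'; Name = 'DigiCert SHA2 Assured ID Timestamping CA'
       Thumbprint = '3ba63a6e4841355772debef9cdcf4d5af353a297' }
    @{ Role = 'Issuing'; Name = 'DigiCert Assured ID CA-1'
       Thumbprint = '19a09b5a36f4dd99727df783c17a51231a56c117' }
    @{ Role = 'Root'; Name = 'DigiCert High Assurance EV Root CA'
       Thumbprint = '5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25' }
    @{ Role = 'Root'; Name = 'DigiCert Assured ID Root CA'
       Thumbprint = '0563b8630d62d75abbc8ab1e4bdfb5a899b24d43' }
)

function Test-RootAutoUpdateDisabled {
    # True when the GPO "Turn off Automatic Root Certificates Update" is applied.
    $p = Get-ItemProperty -Path $PolicyKey -Name DisableRootAutoUpdate -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.DisableRootAutoUpdate -eq 1)
}

function Get-SigningCaStatus {
    foreach ($ca in $Expected) {
        # Collect every expected store that actually holds this thumbprint.
        $found = foreach ($store in $StoresByRole[$ca.Role]) {
            if (Test-Path -Path "Cert:\LocalMachine\$store\$($ca.Thumbprint)") { $store }
        }
        [pscustomobject]@{
            Name = $ca.Name; Role = $ca.Role; Installed = [bool]$found
            Stores = $found -join ','; Thumbprint = $ca.Thumbprint
        }
    }
}

if (Test-RootAutoUpdateDisabled) {
    Write-Warning 'DisableRootAutoUpdate = 1: root CA certificates are not updated automatically.'
}
$status = Get-SigningCaStatus
$status | Format-Table -AutoSize
$status | Where-Object { -not $_.Installed } |
    ForEach-Object { Write-Warning "Missing $($_.Role) CA: $($_.Name)" }
```

Run it in an elevated or standard session on each client or server class you deploy to; a missing entry on a computer without Internet access, or with the policy enabled, points to the manual installation described above.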