Installation Requirements
Quick links: Installation access rights, ESA components in a distributed environment, Prerequisites of each component, .NET requirements, DB requirements in Standalone mode
Installation requires outbound connectivity to esa.eset.com on TCP port 443 and the licensing servers.
Another requirement for running the installer is to have .NET Framework Version 4.8 (Full Install). The installer will automatically attempt to install .NET 4.8 if it is not already installed.
Windows Firewall exceptions essential for the proper function of ESET Secure Authentication On-Prem will be added automatically as part of the installation. If you are using a different firewall solution, see Firewall exceptions for information about essential exceptions that you will need to create.
Installation access rights:
•Active Directory environment:
oDomain administration rights: The installer must be run by a member of the "Domain Administrators" security group or by a user with administrator privileges.
Domain administration rights can be omitted when installing/uninstalling ESA Components in an AD environment via .MSI installer using command line parameters. In this case, use the NO_DOMAIN_ADMIN_MODE=1 parameter and then check the installation logs for further instructions marked as "Manual configuration needed.
oSchema extension rights: Essential when installing the Authentication Server. The installer must be run by a user member of the "Schema Admins" security group.
•Standalone deployment:
oLocal administrator rights
ESA components in a distributed environment:
ESA supports the installation of components in a distributed environment. Available models:
•Authentication Server (AS) installed in Active Directory Integration mode
oComponents installed in Active Directory Integration mode must be within the same domain, and they connect to AS automatically
oComponents installed in Standalone mode connect to AS via invitations
•Authentication Server (AS) installed in Standalone mode
oComponents must be installed in Standalone mode, and they connect to AS via invitations
Table of compatibility of ESA Components and Supported Operating Systems
Prerequisites for each component installation:
•Authentication Server:
oWindows Server 2008 or later server OS in the list of Supported Operating Systems
•Management Tools:
oWindows7 or later client OS in the list of Supported Operating Systems, Windows Server 2008 or later server OS in the list of Supported Operating Systems
o.NET Framework version 3.5
oWindows Remote Server Administration Tools, Active Directory Domain Services component (RSAT AD DS)
RSAT RSAT was previously known as the Remote Administration Pack (adminpack) and is downloadable from Microsoft. In Windows Server 2008 and later, you can install this component through the Add Feature wizard in the Server Manager. All Domain Controllers already have these components installed. |
•Reporting Engine (Elasticsearch):
oWindows7 or later client OS in the list of Supported Operating Systems, Windows Server 2008 or later server OS in the list of Supported Operating Systems
oServer JRE (Java SE Runtime Environment) version 1.8.0_131 and later versions of 1.8.x, Java/OpenJDK 11, 17, 18, 19, 20 or 21
oJAVA_HOME and PATH system environment variables contain the path to your installation of Server JRE or OpenJDK
o.NET Framework version 4.7.2
oThe version of the built-in elastic search is 7.17.15. Externally supports versions 6.x and 7.x
•Identity Provider Connector:
oWindows7 or later client OS in the list of Supported Operating Systems, Windows Server 2008 R2 or later server OS in the list of Supported Operating Systems
oIIS 7 or later with ASP.NET Framework version 4.7.2
•RADIUS Server:
oWindows7 or later client OS in the list of Supported Operating Systems, Windows Server 2008 or later server OS in the list of Supported Operating Systems
•Web App Plug-in for Microsoft Exchange Server:
oMicrosoft Exchange Server 2007 or later (64-bit only), with the Client Access role (Outlook Web App / Outlook Web Access) installed
o.NET Framework version 3.5
oInternet Information Services 7 (IIS7) or later
•Web App Plug-in for Microsoft SharePoint Server:
oMicrosoft SharePoint Server 2010, 2013, 2016, 2019 (64-bit only)
oMicrosoft SharePoint Server 2010, 2013 Foundation (64-bit only)
o.NET Framework version 4.5
•Web App Plug-in for Microsoft Dynamics CRM:
oMicrosoft Dynamics CRM 2011, 2013, 2015 or 2016
o.NET Framework version 4.5
•Web App Plug-in for Microsoft Terminal Services Web Access:
oThe Terminal Services role with the Terminal Services role service installed on Windows Server 2008 R2
o.NET Framework version 4.5
•Web App Plug-in for Microsoft Remote Desktop Services Web Access:
oThe Remote Desktop Services role with the Remote Desktop Web Access role service installed on Windows Server 2008 R2 and later server OS in the list of Supported Operating Systems
o.NET Framework version 4.5
•Web App Plug-in for Microsoft Remote Web Access:
oThe Remote Web Access role service installed on Windows SBS 2008 where it is called Remote Web Access, Windows SBS 2011, Windows Server 2012 Essentials, Windows Server 2012 Essentials R2 and Windows Server 2016 Essentials
o.NET Framework version 4.5
•Remote Desktop Protection:
oWindows Server 2008 R2 or later server OS in the list of Supported Operating Systems
oMicrosoft Windows 7 or later client OS in the list of Supported Operating Systems
oOnly 64-bit operating systems are supported
•Windows login protection:
oWindows Server 2008 R2 or later server OS in the list of Supported Operating Systems
oWindows 7 or later client OS in the list of Supported Operating Systems
•AD FS protection:
oWindows Server 2012 R2 or later server OS in the list of Supported Operating Systems
.NET Requirements:
•All components: .NET 4.8 Full Install
•Core Server: .NET 4.8 Full Install
•RADIUS Server: .NET 4.8 Full Install
•Management Tools: .NET 3.5 (4 on Windows Server 2012)
•Web App Plugin: .NET 4.8, however, IIS Filters require .NET version 3.5
•Reporting Engine (Elasticsearch) and FIDO: .NET Framework version 4.7.2
•Identity Provider Connector: .NET Framework version 4.6.2
ESA Core and RADIUS on a client operating system (client OS) Installing ESA Core (Authentication Server) and RADIUS Server on a client OS in the list of Supported Operating Systems might not be in alignment with Microsoft's licensing policy. Consult Microsoft's licensing policy or your software supplier for details. Moreover, a client OS may present other limitations (for instance, the number of maximum concurrent TCP connections) compared to an server OS. |
Database requirements in Standalone mode:
If the Authentication Server is installed in Standalone mode, it uses a built-in database by default. If you prefer an external database, the minimum database requirements are:
•Microsoft SQL / Microsoft SQL Express 2012 (11.0.2100.60)
•Postgre SQL 9.4.24