Requirements

  • Last update on November 6th, 2023

Infrastructure requirements

The following requirements apply to the key infrastructure components that support CoreView's on-premises functionality. 

All the prerequisites must be completed and validated before a deployment meeting can be conducted.

 
Architecture Component Minimum Requirement
Hybrid Agent Server Hardware1 Virtual or Physical Wintel Server
  CPU 2 Core
  RAM 8 Gb
  Storage 200 Gb
  OS Windows Server 2019
  Domain Member Optional
Active Directory Topology All
  Functional Level Windows 2003
Azure AD Connect Synchronization Version 2.x
Exchange Services CAS Server2 Exchange Server 2013
Docker Version Docker Community Edition (CE) runtime environment - most updated available version

1 The Hybrid Connector should be installed on a standalone virtual or physical server and not coexist with other business services.

2 Under Exchange 2013 and higher, each Exchange Server is also a CAS server. The CoreView Hybrid Connector must be configured to point to a specific Exchange server, and not a Virtual IP (VIP).


Network / Firewall requirements

The following requirements apply to network traffic that supports CoreView’s on-premises functionality. Please note that these network requirements pertain only to traffic between the on-premises connector and CoreView or the Microsoft Azure Service Bus infrastructure. 

The CoreView On-premises Connector will also need to communicate with the customer’s Active Directory and, optionally, a select Exchange Server. 

Please note that some hostnames listed below could include more subdomain names. For example, “*.usgovcloudapi.net" could include something like “cvgov.blob.core.usgovcloudapi.net". Please configure your firewall to allow traffic for all subdomain names reported in the list below.

 

Customer registered in CoreView commercial data centers 

Network components Target Hostname Port Requirement
Windows Services CoreView API Service *.4ward365.com 443 (TCP)
Windows Services CoreView API Service *.loginportal.online 443 (TCP)
Windows Services Azure Service Bus *.windows.net 443, 5671, 9354 (TCP, AMQP)
Windows Services Azure Container Registry *.azurecr.io 443 (TCP)
Hybrid Agent Azure Service Bus *.windows.net 443, 5671, 9354 (TCP, AMQP)
Hybrid Agent Azure Blob Storage

*.windows.net  

*.usgovcloudapi.net  

443 (TCP)
Hybrid Agent AD Domain Controller TBD by Customer 443 (TCP), 5985 (TCP), 5986 (TCP)
Hybrid Agent Exchange PowerShell Host TBD by Customer 80, 443 (TCP)
Hybrid Agent Visual Studio Services *.visualstudio.com 443 (TCP)
Hybrid Agent Microsoft O365 workloads *.microsoft.com 80, 443 (TCP)
Hybrid Agent Azure AD

*.windows.net 

*.microsoftonline.com 

*.microsoft.com

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Hybrid Agent MSOL

*.microsoftonline.com 

*.windows.net

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Hybrid Agent Exchange Online

*.office365.com 

*.outlook.com

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Hybrid Agent SharePoint Online *.sharepoint.com 80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Hybrid Agent Teams

*.lync.com 

*.digicert.com

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Hybrid Agent GoDaddy Certification Authority *.godaddy.com 80 (TCP), 443 (TCP)
Hybrid Agent CoreView All Services

*.4ward365.com  

*.loginportal.online 

*.windows.net  

*.azurecr.io  

*.windows.net  

*.usgovcloudapi.net 
51.104.176.249 

52.138.125.123 

52.155.24.120 

52.227.224.106

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Diagnostic Tool Azure Blob Storage cvhybridtool.azurecr.io 80, 443 (TCP)
Diagnostic Tool Azure Service Bus *.windows.net 443, 5671, 9354 (TCP, AMQP)
Diagnostic Tool Azure Blob Storage

*.windows.net  

*.usgovcloudapi.net 

443 (TCP)
Diagnostic Tool AD Domain Controller TBD by Customer 443 (TCP), 5985 (TCP), 5986 (TCP)
Diagnostic Tool Exchange PowerShell Host TBD by Customer 80, 443 (TCP)
Diagnostic Tool Microsoft O365 workloads *.microsoft.com 80, 443 (TCP)
Diagnostic Tool Azure AD

*.windows.net 

*.microsoftonline.com 

*.microsoft.com

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Diagnostic Tool MSOL

*.microsoftonline.com 

*.windows.net

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Diagnostic Tool Exchange Online

*.office365.com 

*.outlook.com

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Diagnostic Tool SharePoint Online *.sharepoint.com 80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Diagnostic Tool Teams

*.lync.com 

*.digicert.com

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Diagnostic Tool GoDaddy Certification Authority *.godaddy.com 80 (TCP), 443 (TCP)
Diagnostic Tool CoreView All Services

*.4ward365.com  

*.loginportal.online 

*.windows.net  

*.azurecr.io  

*.windows.net  

*.usgovcloudapi.net 
51.104.176.249 

52.138.125.123 

52.155.24.120 

52.227.224.106

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
 
 

Customers registered in CoreView Gov data centers:

Network components Target Hostname Port Requirement
Windows Services CoreView API Service *.4ward365.com 443 (TCP)
Windows Services CoreView API Service *.coreview.com  443 (TCP)
Windows Services Azure Service Bus *.usgovcloudapi.net  443, 5671, 9354 (TCP, AMQP)
Windows Services Azure Container Registry *.azurecr.us 443 (TCP)
Hybrid Agent Azure Service Bus *.usgovcloudapi.net  443, 5671, 9354 (TCP, AMQP)
Hybrid Agent Azure Blob Storage

*.usgovcloudapi.net 

443 (TCP)
Hybrid Agent AD Domain Controller TBD by Customer 443 (TCP), 5985 (TCP), 5986 (TCP)
Hybrid Agent Exchange PowerShell Host TBD by Customer 80, 443 (TCP)
Hybrid Agent Azure AD

*.windows.net 

*.microsoftonline.com 

*.microsoft.com

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Hybrid Agent MSOL

*.microsoftonline.com 

*.windows.net

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Hybrid Agent Exchange Online

*.office365.com 

*.outlook.com

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Hybrid Agent SharePoint Online *.sharepoint.com 80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Hybrid Agent Teams

*.lync.com 

*.digicert.com

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Hybrid Agent GoDaddy Certification Authority *.godaddy.com 80 (TCP), 443 (TCP)
Hybrid Agent CoreView All Services

*.4ward365.com  

*.loginportal.online 

*.windows.net  

*.azurecr.io  

*.windows.net  

*.usgovcloudapi.net 
51.104.176.249 

52.138.125.123 

52.155.24.120 

52.227.224.106

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Diagnostic Tool Azure Blob Storage cvhybridtool.azurecr.io 80, 443 (TCP)
Diagnostic Tool Azure Service Bus *.windows.net 443, 5671, 9354 (TCP, AMQP)
Diagnostic Tool Azure Blob Storage

*.windows.net  

*.usgovcloudapi.net 

443 (TCP)
Diagnostic Tool AD Domain Controller TBD by Customer 443 (TCP), 5985 (TCP), 5986 (TCP)
Diagnostic Tool Exchange PowerShell Host TBD by Customer 80, 443 (TCP)
Diagnostic Tool Microsoft O365 workloads *.microsoft.com 80, 443 (TCP)
Diagnostic Tool Azure AD

*.windows.net 

*.microsoftonline.com 

*.microsoft.com

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Diagnostic Tool MSOL

*.microsoftonline.com 

*.windows.net

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Diagnostic Tool Exchange Online

*.office365.com 

*.outlook.com

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Diagnostic Tool SharePoint Online *.sharepoint.com 80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Diagnostic Tool Teams

*.lync.com 

*.digicert.com

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
Diagnostic Tool GoDaddy Certification Authority *.godaddy.com 80 (TCP), 443 (TCP)
Diagnostic Tool CoreView All Services

*.4ward365.com  

*.loginportal.online 

*.windows.net  

*.azurecr.io  

*.windows.net  

*.usgovcloudapi.net 
51.104.176.249 

52.138.125.123 

52.155.24.120 

52.227.224.106

80 (TCP), 443 (TCP), 5985 (TCP), 5986 (TCP)
 
 

For additional information on the requirements for accessing the Azure Service Bus, please refer to the Microsoft documentation.


Important note about Multi-Factor authentication

If you implemented Multi-Factor Authentication (MFA) for accessing your Microsoft 365 cloud services, please mind creating a conditional access policy that excludes your on-premises Hybrid Connector IP address for asking any second-factor authentication for the CoreView service account CoreView named:

4ward365.admin@yourdomain.onmicrosoft.com

Without that exception policy, your CoreView tenant won’t be able to open any management session.

Please also mind your Hybrid Connector IP address could be behind a NAT applied by your network gateway for connecting to public networks such as the Internet. We recommend checking with your network specialist to identify your public IP address used by your on-premises for connecting to the public networks.

For more information about conditional access exception policy, please refer to the Microsoft documentation.


Security requirements

The following security requirements apply to CoreView’s on-premises functionality:

Type Minimum Permissions
CoreView Configuration Tenant Admin
Hybrid Agent Deployment Local or Domain Administrator
Active Directory Service Account Domain Administrator (**)
Exchange Service Account Organization Administrator Role
Exchange PowerShell Virtual Directory  Set to Basic or Integrated Authentication (*)

(*) Important note about Exchange Virtual Directory configuration:

There are two methods for configuring authentication when setting up the PowerShell virtual directory for remote access. If Basic authentication is enabled, SSL must also be enabled and configured with a valid public certificate.  

(**) If your company has security policies that don't allow setting service accounts with domain admin permission, please refer to the chapter “Hardening CoreView Hybrid Connector service accounts’ permissions” below.

If SSL is not enabled, then Windows Authentication should be set. In this scenario, you must configure gMSA for the Hybrid Connector hosting server and configure your CoreView Hybrid Connector to support the gMSA settings.

For more information about the settings of Exchange Powershell virtual directory refer to the Microsoft documentation.


Software requirements

The following software requirements apply to CoreView’s on-premises functionality:

Software or Services Minimum Requirements
CoreView SaaS Solution SKUs CoreSuite, ONPREM SKU, OS2019 SKU
CoreView Hybrid Agent Version > 1.0.6
Docker Version See chapter below

Docker engine installation

Please refer to the Microsoft documentation for the instructions to deploy docker service in your hosting server.

Please note that proceeding with this operation will trigger an automatic server reboot.